
CAPEC-12: Choosing Message Identifier

Abstraction
Standard
Status
Draft
Likelihood
High
Severity
High

Description

This pattern of attack is defined by the selection of messages distributed via multicast or public information channels that are intended for another client, by determining the parameter value assigned to that client. Because every participant on such a channel can observe every message, the only thing that "addresses" a message to one client is a cleartext identifier, and an adversary who learns or guesses another client's identifier can simply read that client's traffic. This allows the adversary to gain access to potentially privileged information, and possibly to perpetrate other attacks through the distribution means by impersonation. If the channel or message being manipulated is an input rather than an output mechanism for the system (such as a command bus), the same technique can be used to change the adversary's own identifier to a more privileged one, since the system accepts the identifier as a self-asserted parameter instead of authenticating the sender.
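The following is an added worked example, not code from MITRE CAPEC or from any real product. It builds a constructed message channel in which the recipient (output case) or the sender (input case, a command bus) is selected by a cleartext identifier, shows how a client picks another client's identifier to read its messages or to escalate its own, and then shows the hardened form in which the identifier is backed by a per-client key. All client names, keys, commands and payloads are invented; the keystream function is a toy stand-in for a real AEAD such as AES-GCM and must not be used as a cipher.

```python
"""CAPEC-12 Choosing Message Identifier: constructed naive and hardened channels.

Added example, not MITRE code. Client ids, keys, roles and messages are invented.
"""
import hashlib
import hmac
import json
import os

# Constructed per-client secrets; in practice these are provisioned out of band.
CLIENT_KEYS = {
    "client-7": b"k7-" + b"\x01" * 29,
    "client-42": b"k42-" + b"\x02" * 28,
    "admin": b"adm-" + b"\x03" * 29,
}
ROLES = {"client-7": "user", "client-42": "user", "admin": "admin"}

# ---- Output channel (multicast): recipient chosen by a cleartext parameter ----

def naive_publish(dest_id: str, payload: str) -> dict:
    """Vulnerable: every subscriber sees every frame; 'to' is purely advisory."""
    return {"to": dest_id, "payload": payload}

def naive_receive(channel: list, claimed_id: str) -> list:
    """The only 'filter' runs on the receiver, so a receiver may claim any id."""
    return [f["payload"] for f in channel if f["to"] == claimed_id]

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Toy SHA-256 counter keystream; stand-in for a real AEAD, NOT a cipher."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def secure_publish(dest_id: str, payload: str) -> dict:
    """Hardened: payload encrypted and MACed under the recipient's own key."""
    key, nonce, pt = CLIENT_KEYS[dest_id], os.urandom(12), payload.encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return {"to": dest_id, "nonce": nonce.hex(), "ct": ct.hex(), "tag": tag.hex()}

def secure_receive(channel: list, my_key: bytes) -> list:
    """Yields only frames that verify under my_key; the 'to' hint is ignored."""
    out = []
    for f in channel:
        nonce, ct = bytes.fromhex(f["nonce"]), bytes.fromhex(f["ct"])
        expect = hmac.new(my_key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(expect, bytes.fromhex(f["tag"])):
            continue  # wrong key: frame is opaque to this client
        ks = _keystream(my_key, nonce, len(ct))
        out.append(bytes(a ^ b for a, b in zip(ct, ks)).decode())
    return out

# ---- Input channel (command bus): sender identity is a cleartext parameter ----

def naive_bus_handle(frame: dict) -> str:
    """Vulnerable (CWE-306): trusts the 'from' field as the caller's identity."""
    role = ROLES.get(frame["from"], "none")
    if frame["cmd"] == "dump-all-records" and role != "admin":
        return "denied"
    return "ok:" + frame["cmd"]

def _body(sender_id: str, cmd: str) -> bytes:
    return json.dumps({"from": sender_id, "cmd": cmd}, sort_keys=True).encode()

def sign_command(sender_id: str, cmd: str) -> dict:
    """A legitimate client can only sign with the key it actually holds."""
    tag = hmac.new(CLIENT_KEYS[sender_id], _body(sender_id, cmd), hashlib.sha256).hexdigest()
    return {"from": sender_id, "cmd": cmd, "tag": tag}

def secure_bus_handle(frame: dict) -> str:
    """Hardened: 'from' is accepted only if the MAC verifies under that sender's key."""
    key = CLIENT_KEYS.get(frame["from"], b"\x00" * 32)  # unknown id still fails
    expect = hmac.new(key, _body(frame["from"], frame["cmd"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expect, frame.get("tag", "")):
        return "denied:bad-auth"
    return naive_bus_handle(frame)

def demo() -> dict:
    """client-7 attacks both channels; returns outcomes for naive vs hardened."""
    chan = [naive_publish("client-42", "your OTP is 4471")]
    schan = [secure_publish("client-42", "your OTP is 4471")]
    retag = sign_command("client-7", "dump-all-records")
    retag["from"] = "admin"  # client-7 rewrites its identifier, keeps its own MAC
    return {
        "stolen": naive_receive(chan, "client-42"),          # client-7 claims 42's id
        "blocked": secure_receive(schan, CLIENT_KEYS["client-7"]),
        "legit": secure_receive(schan, CLIENT_KEYS["client-42"]),
        "naive_escalated": naive_bus_handle({"from": "admin", "cmd": "dump-all-records"}),
        "secure_untagged": secure_bus_handle({"from": "admin", "cmd": "dump-all-records"}),
        "secure_retagged": secure_bus_handle(retag),
    }
```

The naive receiver's `if f["to"] == claimed_id` is the mistake the pattern exploits: a check that runs entirely on the untrusted side. Moving the decision to the key (the recipient can only decrypt frames bound to its key; the bus only honours an identifier whose MAC verifies under that identifier's key) removes the identifier's security role altogether, which is the point of CWE-306 and CWE-201 appearing together on this entry.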

Related weaknesses (2)

CWE-201, CWE-306

Related attack patterns (2)

CAPEC-21 (PeerOf), CAPEC-216 (ChildOf)

Exploits (2)

Type      Target                                              ID       Confidence  Tier
Weakness  Missing Authentication for Critical Function        CWE-306  100%        live
Weakness  Insertion of Sensitive Information Into Sent Data   CWE-201  100%        live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Protocol Manipulation
CAPEC: Communication Channel Manipulation
CAPEC: Client-Server Protocol Manipulation
CAPEC: Identity Spoofing
CAPEC: Spoofing of UDDI/ebXML Messages
CAPEC: Application API Message Manipulation via Man-in-the-Middle
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.