
CAPEC-173: Action Spoofing

Abstraction: Meta
Status: Stable
Likelihood: High
Severity: Very High

Description

An adversary is able to disguise one action for another and therefore trick a user into initiating one type of action when they intend to initiate a different action. For example, a user might be led to believe that clicking a button will submit a query, but in fact it downloads software. Adversaries may perform this attack through social means, such as by simply convincing a victim to perform the action or relying on a user's natural inclination to do so, or through technical means, such as a clickjacking attack where a user sees one interface but is actually interacting with a second, invisible, interface.

Related weaknesses · 1

CWE-451

Exploits · 1

Type | Target | Confidence | Tier
Weakness | User Interface (UI) Misrepresentation of Critical Information (cwe-451) | 100% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Clickjacking
CAPEC: Identity Spoofing
CAPEC: Application API Button Hijacking
CAPEC: Content Spoofing
CAPEC: Intent Spoof
CAPEC: Content Spoofing Via Application API Manipulation

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.