
CAPEC-202: Create Malicious Client

Abstraction: Standard
Status: Draft
Severity: Medium

Description

An adversary creates a client application to interface with a target service where the client violates assumptions the service makes about clients. Services that have designated client applications (as opposed to services that use general client applications, such as IMAP or POP mail servers which can interact with any IMAP or POP client) may assume that the client will follow specific procedures.

Related weaknesses · 1

CWE-602

Related attack patterns · 1

CAPEC-22 (ChildOf)

Exploits · 1

Type | Target | Confidence | Tier
Weakness | Client-Side Enforcement of Server-Side Security (cwe-602) | 100% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Client-Server Protocol Manipulation
CAPEC: Exploiting Trust in Client
CAPEC: Protocol Manipulation
CAPEC: Application API Message Manipulation via Man-in-the-Middle
CAPEC: IMAP/SMTP Command Injection
CAPEC: Authentication Abuse

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.