Detailedseverity: MediumDraft

CAPEC-208Removing/short-circuiting 'Purse' logic: removing/mutating 'cash' decrements

Abstraction
Detailed
Status
Draft
Severity
Medium

Description

An attacker removes or modifies the logic on a client associated with monetary calculations resulting in incorrect information being sent to the server. A server may rely on a client to correctly compute monetary information. For example, a server might supply a price for an item and then rely on the client to correctly compute the total cost of a purchase given the number of items the user is buying. If the attacker can remove or modify the logic that controls these calculations, they can return incorrect values to the server. The attacker can use this to make purchases for a fraction of the legitimate cost or otherwise avoid correct billing for activities.

Related weaknesses· 1

CWE-602

Related attack patterns· 1

CAPEC-207 (ChildOf)

Exploits1

TypeTargetConfidenceTier
WeaknessClient-Side Enforcement of Server-Side Securitycwe-602100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
Manipulating Hidden Fields
CAPEC
Removing Important Client Functionality
CAPEC
DEPRECATED: Removing/short-circuiting 'guard logic'
CAPEC
Transaction or Event Tampering via Application API Manipulation
CAPEC
Cache Poisoning
CAPEC
Manipulating Opaque Client-based Data Tokens
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.