Standardlikelihood: LowDraft

CAPEC-217Exploiting Incorrectly Configured SSL/TLS

Abstraction
Standard
Status
Draft
Likelihood
Low

Description

An adversary takes advantage of incorrectly configured SSL/TLS communications that enables access to data intended to be encrypted. The adversary may also use this type of attack to inject commands or other traffic into the encrypted stream to cause compromise of either the client or server. Metadata: standard CAPEC pattern, status draft, likelihood low. Underlying weakness: CWE-201. Related CAPEC pattern: [object Object].

Related weaknesses· 1

CWE-201

Related attack patterns· 1

CAPEC-216 (ChildOf)

Exploits1

TypeTargetConfidenceTier
WeaknessInsertion of Sensitive Information Into Sent Datacwe-201100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
Exploiting Incorrectly Configured Access Control Security Levels
CAPEC
Exploitation of Trusted Identifiers
CAPEC
Exploiting Trust in Client
CAPEC
Client-Server Protocol Manipulation
CAPEC
Protocol Manipulation
CAPEC
Utilizing REST's Trust in the System Resource to Obtain Sensitive Data
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.