
CAPEC-22: Exploiting Trust in Client

Abstraction: Meta
Status: Draft
Likelihood: High
Severity: High

Description

An attack of this type exploits vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by communicating directly with the server where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.

Related weaknesses · 5

CWE-290, CWE-287, CWE-20, CWE-200, CWE-693

Exploits · 5

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Authentication Bypass by Spoofing (cwe-290) | 100% | live |
| Weakness | Improper Input Validation (cwe-20) | 100% | live |
| Weakness | Protection Mechanism Failure (cwe-693) | 100% | live |
| Weakness | Improper Authentication (cwe-287) | 100% | live |
| Weakness | Exposure of Sensitive Information to an Unauthorized Actor (cwe-200) | 100% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Client-Server Protocol Manipulation
CAPEC: Create Malicious Client
CAPEC: Authentication Abuse
CAPEC: Protocol Manipulation
CAPEC: Exploiting Incorrectly Configured SSL/TLS
CAPEC: Exploitation of Trusted Identifiers

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.