
CAPEC-65: Sniff Application Code

Abstraction: Detailed
Status: Draft
Likelihood: Low
Severity: High

Description

An adversary passively sniffs network communications and captures application code bound for an authorized client. Once obtained, the adversary can use the code as-is, or reverse-engineer it to glean sensitive information or to exploit the trust relationship between the client and server. Such code may belong to a dynamic update to the client, a patch being applied to a client component, or any other interaction in which the client is authorized to communicate with the server.

Related weaknesses · 4

CWE-319, CWE-311, CWE-318, CWE-693

MITRE ATT&CK crosswalk · 1

T1040: Network Sniffing

Related attack patterns · 2

CAPEC-157 (ChildOf), CAPEC-37 (CanPrecede)

Exploits · 4

Type | Target | Confidence | Tier
Weakness | Protection Mechanism Failure (cwe-693) | 100% | live
Weakness | Cleartext Storage of Sensitive Information in Executable (cwe-318) | 100% | live
Weakness | Cleartext Transmission of Sensitive Information (cwe-319) | 100% | live
Weakness | Missing Encryption of Sensitive Data (cwe-311) | 100% | live

Related to · 1

Type | Target | Confidence | Tier
Technique | Network Sniffing (t1040) | 100% | live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: DEPRECATED: Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Patching
CAPEC: DEPRECATED: Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Dynamic Update
CAPEC: DEPRECATED: Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Initial Distribution
CAPEC: Sniffing Network Traffic
CAPEC: Remote Code Inclusion
CAPEC: Sniffing Attacks

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.