Standardlikelihood: Mediumseverity: HighDraft

CAPEC-701Browser in the Middle (BiTM)

Abstraction
Standard
Status
Draft
Likelihood
Medium
Severity
High

Description

An adversary exploits the inherent functionalities of a web browser, in order to establish an unnoticed remote desktop connection in the victim's browser to the adversary's system. The adversary must deploy a web client with a remote desktop session that the victim can access. Metadata: standard CAPEC pattern, status draft, likelihood medium, severity high. Underlying weaknesses: CWE-294, CWE-345. Related CAPEC patterns: [object Object], [object Object], [object Object], [object Object].

Related weaknesses· 2

CWE-294CWE-345

Related attack patterns· 4

CAPEC-94 (ChildOf)CAPEC-151 (CanPrecede)CAPEC-148 (CanPrecede)CAPEC-98 (CanFollow)

Exploits2

TypeTargetConfidenceTier
WeaknessInsufficient Verification of Data Authenticitycwe-345100%live
WeaknessAuthentication Bypass by Capture-replaycwe-294100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
Adversary in the Browser (AiTB)
CAPEC
Adversary in the Middle (AiTM)
CAPEC
Clickjacking
CAPEC
Leveraging Active Adversary in the Middle Attacks to Bypass Same Origin Policy
CAPEC
Cross Site Tracing
CAPEC
iFrame Overlay
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.