CAPEC-208 Metadata
Likelihood of Attack
Medium
Typical Severity
Medium
Overview
Summary
An attacker removes or modifies the logic on a client associated with monetary calculations resulting in incorrect information being sent to the server. A server may rely on a client to correctly compute monetary information. For example, a server might supply a price for an item and then rely on the client to correctly compute the total cost of a purchase given the number of items the user is buying. If the attacker can remove or modify the logic that controls these calculations, they can return incorrect values to the server. The attacker can use this to make purchases for a fraction of the legitimate cost or otherwise avoid correct billing for activities.
Prerequisites
The targeted server must rely on the client to correctly perform monetary calculations and must fail to detect errors in these calculations.
Potential Solutions / Mitigations
No specific solutions listed.
Related Weaknesses (CWE)
| CWE ID | Description |
|---|---|
| CWE-602 | Client-Side Enforcement of Server-Side Security |
Related CAPECs
| CAPEC ID | Description |
|---|---|
| CAPEC-207 | An adversary removes or disables functionality on the client that the server assumes to be present and trustworthy. |
Stay Ahead of Attack Patterns
Understanding CAPEC patterns helps security professionals anticipate and thwart potential attacks. Leverage these insights to enhance threat modeling, strengthen your software development lifecycle, and train your security teams effectively.