CAPEC-216 Metadata
Likelihood of Attack
High
Typical Severity
Low
Overview
Summary
An adversary manipulates a setting or parameter on communications channel in order to compromise its security. This can result in information exposure, insertion/removal of information from the communications stream, and/or potentially system compromise.
Prerequisites
The target application must leverage an open communications channel. The channel on which the target communicates must be vulnerable to interception (e.g., adversary in the middle attack - CAPEC-94).
Potential Solutions / Mitigations
Encrypt all sensitive communications using properly-configured cryptography. Design the communication system such that it associates proper authentication/authorization with each channel/message.
Related Weaknesses (CWE)
| CWE ID | Description |
|---|---|
| CWE-306 | Missing Authentication for Critical Function |
Related CAPECs
| CAPEC ID | Description |
|---|---|
| CAPEC-94 | An adversary targets the communication between two components (typically client and server), in order to alter or obtain data from transactions. A general approach entails the adversary placing themself within the communication channel between the two components. |
Stay Ahead of Attack Patterns
Understanding CAPEC patterns helps security professionals anticipate and thwart potential attacks. Leverage these insights to enhance threat modeling, strengthen your software development lifecycle, and train your security teams effectively.