CAPEC-216: Communication Channel Manipulation

Meta Stable

CAPEC Version: 3.9

Updated: 2023-01-24

Attack Pattern Description

An adversary manipulates a setting or parameter on a communications channel in order to compromise its security. This can result in information exposure, insertion/removal of information from the communications stream, and/or potentially system compromise.

Prerequisites

  • The target application must leverage an open communications channel.
  • The channel on which the target communicates must be vulnerable to interception (e.g., adversary in the middle attack - CAPEC-94).

Resources Required

  • A tool that is capable of viewing network traffic and generating custom inputs to be used in the attack.

Consequences

Scope: Integrity

Technical Impact: Read Data

Note: The adversary's injection of additional content into a communication channel negatively impacts the integrity of that channel.

Scope: Confidentiality

Technical Impact: Read Data

Note: A successful Communication Channel Manipulation attack can result in sensitive information exposure to the adversary, thereby compromising the communication channel's confidentiality.

Mitigations

Encrypt all sensitive communications using properly-configured cryptography.

Design the communication system such that it associates proper authentication/authorization with each channel/message.
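
The second mitigation above, sketched as an added example that is not part of the CAPEC entry: each message carries a sequence number and an HMAC-SHA256 tag under a shared key, so the receiver detects modification, insertion, replay and removal. The frame layout, the names `seal`, `Receiver` and `demo`, and the key are assumptions for illustration; the scheme provides integrity only, not the encryption the first mitigation calls for.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size in bytes

def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender: frame = 8-byte big-endian sequence number || payload || tag."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag

class Receiver:
    """Accepts a frame only if its tag verifies and it is the next in sequence."""

    def __init__(self, key: bytes):
        self.key = key
        self.expected = 0

    def accept(self, frame: bytes):
        if len(frame) < 8 + TAG_LEN:
            return ("reject", "truncated frame")
        header, payload, tag = frame[:8], frame[8:-TAG_LEN], frame[-TAG_LEN:]
        good = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, good):  # constant-time comparison
            return ("reject", "bad tag: modified, or inserted without the key")
        (seq,) = struct.unpack(">Q", header)
        if seq < self.expected:
            return ("reject", "replayed frame")
        if seq > self.expected:
            return ("reject", "gap: frame removed or reordered")
        self.expected += 1
        return ("accept", payload)

def demo():
    key = b"constructed-demo-key-not-for-use"  # constructed sample key
    msgs = [b"open", b"pay 10", b"close"]      # constructed sample messages
    frames = [seal(key, i, m) for i, m in enumerate(msgs)]
    rx = Receiver(key)
    tampered = bytearray(frames[1])
    tampered[10] ^= 0x01                        # flip one payload bit
    steps = [frames[0],        # genuine first frame
             bytes(tampered),  # modified in transit
             frames[0],        # old frame re-inserted
             frames[2],        # frame 1 withheld, frame 2 delivered
             frames[1]]        # genuine next frame
    return [rx.accept(f)[0] for f in steps]

if __name__ == "__main__":
    print(demo())
```

A deployed protocol would normally tear the channel down on the first rejection rather than continue, and would derive the key from an authenticated key exchange.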

Key Information

CAPEC ID: CAPEC-216

Abstraction Level: Meta

Status: Stable

Related Attack Patterns
Related CWE Weaknesses