| Name | Communication Channel Manipulation |
| Likelihood of attack | Typical severity |
| High | Low |
| Summary | An adversary manipulates a setting or parameter on a communications channel in order to compromise its security. This can result in information exposure, insertion or removal of information from the communications stream, and potentially system compromise. |
| Prerequisites | The target application must leverage an open communications channel. The channel on which the target communicates must be vulnerable to interception (e.g., adversary-in-the-middle attack, CAPEC-94). |
| Solutions | Encrypt all sensitive communications using properly configured cryptography. Design the communication system so that it associates proper authentication and authorization with each channel and message. |
| Related Weaknesses |
| CWE ID | Description |
| CWE-306 | Missing Authentication for Critical Function |
| Related CAPECs |
| CAPEC ID | Description |
| CAPEC-94 | An adversary targets the communication between two components (typically client and server), in order to alter or obtain data from transactions. A general approach entails the adversary placing themself within the communication channel between the two components. |