CAPEC-22: Exploiting Trust in Client

ID: CAPEC-22
Typical Severity: High
Likelihood Of Attack: High
Status: Draft

An attack of this type exploits vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client or, more importantly, in whatever the server believes is the client. An attacker carries out this type of attack by communicating directly with the server while the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.

https://capec.mitre.org/data/definitions/22.html

Weaknesses

ID       Name                                                        Type
CWE-20   Improper Input Validation                                   weakness
CWE-200  Exposure of Sensitive Information to an Unauthorized Actor  weakness
CWE-287  Improper Authentication                                     weakness
CWE-290  Authentication Bypass by Spoofing                           weakness
CWE-693  Protection Mechanism Failure                                weakness