CAPEC-388: Application API Button Hijacking
ID
CAPEC-388
Typical Severity
Medium
Status
Draft
An attacker manipulates either egress or ingress data from a client within an application framework in order to change the destination and/or content of buttons displayed to a user within API messages. Performing this attack allows the attacker to manipulate content in such a way as to produce messages or content that looks authentic but contains buttons that point to an attacker controlled destination.
Weaknesses
| # ID | Name | Type |
|---|---|---|
| CWE-311 | Missing Encryption of Sensitive Data | weakness |
| CWE-345 | Insufficient Verification of Data Authenticity | weakness |
| CWE-346 | Origin Validation Error | weakness |
| CWE-471 | Modification of Assumed-Immutable Data (MAID) | weakness |
| CWE-602 | Client-Side Enforcement of Server-Side Security | weakness |