CAPEC-194: Fake the Source of Data

Description

An adversary takes advantage of improper authentication to provide data or services under a falsified identity. The purpose of using the falsified identity may be to prevent traceability of the provided data or to assume the rights granted to another individual. One of the simplest forms of this attack would be the creation of an email message with a modified "From" field in order to appear that the message was sent from someone other than the actual sender. The root of the attack (in this case the email system) fails to properly authenticate the source and this results in the reader incorrectly performing the instructed action. Results of the attack vary depending on the details of the attack, but common results include privilege escalation, obfuscation of other attacks, and data corruption/manipulation.

Extended Description

Although certain techniques for protocol analysis benefit from manipulating live 'on-the-wire' interactions between communicating components, static or dynamic analysis techniques applied to executables as well as to device drivers, such as network interface drivers, can also be used to reveal the function and characteristics of a communication protocol implementation. Depending upon the methods used the process may involve observing, interacting, and modifying actual communications occurring between hosts. The goal of protocol analysis is to derive the data transmission syntax, as well as to extract the meaningful content, including packet or content delimiters used by the protocol. This type of analysis is often performed on closed-specification protocols, or proprietary protocols, but is also useful for analyzing publicly available specifications to determine how particular implementations deviate from published specifications.

Severity :

Medium

Possibility :

Type :

Standard

Relationships with other CAPECs

This table shows the other attack patterns and high level categories that are related to this attack pattern.

CAPEC-151: Identity Spoofing Identity Spoofing CAPEC-275: DNS Rebinding DNS Rebinding CAPEC-543: Counterfeit Websites Counterfeit Websites CAPEC-544: Counterfeit Organizations Counterfeit Organizations CAPEC-598: DNS Spoofing DNS Spoofing CAPEC-633: Token Impersonation Token Impersonation CAPEC-657: Malicious Automated Software Update via Spoofing Malicious Automated Software Update via Spoofing CAPEC-667: Bluetooth Impersonation AttackS (BIAS) Bluetooth Impersonation AttackS (BIAS) CAPEC-697: DHCP Spoofing DHCP Spoofing

Prerequisites

This table shows the other attack patterns and high level categories that are related to this attack pattern.

This attack is only applicable when a vulnerable entity associates data or services with an identity. Without such an association, there would be no reason to fake the source.

Skills required

This table shows the other attack patterns and high level categories that are related to this attack pattern.

Taxonomy mappings

Mappings to ATT&CK, OWASP and other frameworks.

WASC | URL Redirector Abuse

Resources required

Resources required vary depending on the nature of the attack. Possible tools needed by an attacker could include tools to create custom network packets, specific client software, and tools to capture network traffic. Many variants of this attack require no attacker resources, however.

Related CWE

A Related Weakness relationship associates a weakness with this attack pattern. Each association implies a weakness that must exist for a given attack to be successful.

CWE-287: Improper Authentication

Visit http://capec.mitre.org/ for more details.