CAPEC-220: Client-Server Protocol Manipulation

Description

An adversary takes advantage of weaknesses in the protocol by which a client and server are communicating to perform unexpected actions. Communication protocols are necessary to transfer messages between client and server applications. Moreover, different protocols may be used for different types of interactions.

Extended Description

For example, an authentication protocol might be used to establish the identities of the server and client while a separate messaging protocol might be used to exchange data. If there is a weakness in a protocol used by the client and server, an attacker might take advantage of this to perform various types of attacks. For example, if the attacker is able to manipulate an authentication protocol, the attacker may be able spoof other clients or servers. If the attacker is able to manipulate a messaging protocol, the may be able to read sensitive information or modify message contents. This attack is often made easier by the fact that many clients and servers support multiple protocols to perform similar roles. For example, a server might support several different authentication protocols in order to support a wide range of clients, including legacy clients. Some of the older protocols may have vulnerabilities that allow an attacker to manipulate client-server interactions.

Severity :

Medium

Possibility :

Type :

Standard

Relationships with other CAPECs

This table shows the other attack patterns and high level categories that are related to this attack pattern.

CAPEC-5: Blue Boxing Blue Boxing CAPEC-33: HTTP Request Smuggling HTTP Request Smuggling CAPEC-34: HTTP Response Splitting HTTP Response Splitting CAPEC-105: HTTP Request Splitting HTTP Request Splitting CAPEC-272: Protocol Manipulation Protocol Manipulation CAPEC-273: HTTP Response Smuggling HTTP Response Smuggling CAPEC-274: HTTP Verb Tampering HTTP Verb Tampering

Prerequisites

This table shows the other attack patterns and high level categories that are related to this attack pattern.

The client and/or server must utilize a protocol that has a weakness allowing manipulation of the interaction.

Skills required

This table shows the other attack patterns and high level categories that are related to this attack pattern.

Taxonomy mappings

Mappings to ATT&CK, OWASP and other frameworks.

Resources required

The adversary must be able to identify the weakness in the utilized protocol and exploit it. This may require a sniffing tool as well as packet creation abilities. The adversary will be aided if they can force the client and/or server to utilize a specific protocol known to contain exploitable weaknesses.

Related CWE

A Related Weakness relationship associates a weakness with this attack pattern. Each association implies a weakness that must exist for a given attack to be successful.

CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')

Visit http://capec.mitre.org/ for more details.