CAPEC-518: Documentation Alteration to Produce Under-performing Systems

Description

An attacker with access to a manufacturer's documentation alters the descriptions of system capabilities with the intent of causing errors in derived system requirements, impacting the overall effectiveness and capability of the system, allowing an attacker to take advantage of the introduced system capability flaw once the system is deployed.

Extended Description

WS-Addressing is used to virtualize services, provide return addresses and other routing information, however, unless the WS-Addressing headers are protected they are vulnerable to rewriting. Content in a registry is deployed by the service provider. The registry in an SOA or Web Services system can be accessed by the service requester via UDDI or other protocol.

Severity :

High

Possibility :

Low

Type :

Detailed

Relationships with other CAPECs

This table shows the other attack patterns and high level categories that are related to this attack pattern.

CAPEC-447: Design Alteration Design Alteration

Prerequisites

This table shows the other attack patterns and high level categories that are related to this attack pattern.

Advanced knowledge of software and hardware capabilities of a manufacturer's product.
Access to the manufacturer's documentation.

Skills required

This table shows the other attack patterns and high level categories that are related to this attack pattern.

High Ability to read, interpret, and subsequently alter manufacturer's documentation to misrepresent system capabilities.
High Ability to stealthly gain access via remote compromise or physical access to the manufacturer's documentation.

Taxonomy mappings

Mappings to ATT&CK, OWASP and other frameworks.

Related CWE

A Related Weakness relationship associates a weakness with this attack pattern. Each association implies a weakness that must exist for a given attack to be successful.

Visit http://capec.mitre.org/ for more details.