CAPEC-94: Adversary in the Middle (AiTM)

Description
<p>An adversary targets the communication between two components (typically client and server), in order to alter or obtain data from transactions. A general approach entails the adversary placing themself within the communication channel between the two components.<p>
Extended Description

Whenever one component attempts to communicate with the other (data flow, authentication challenges, etc.), the data first flows through the adversary, who has the opportunity to observe or alter it, before being passed on to the intended recipient as if it was never observed. This interposition is transparent leaving the two compromised components unaware of the potential corruption or leakage of their communications. The potential for these attacks yields an implicit lack of trust in communication or identify between two components.

These attacks differ from Sniffing Attacks (CAPEC-157) since these attacks often modify the communications prior to delivering it to the intended recipient.

Severity :

Very High

Possibility :

High

Type :

Meta
Relationships with other CAPECs

This table shows the other attack patterns and high level categories that are related to this attack pattern.

CAPEC-151: Identity Spoofing Identity Spoofing CAPEC-216: Communication Channel Manipulation Communication Channel Manipulation CAPEC-219: XML Routing Detour Attacks XML Routing Detour Attacks CAPEC-271: Schema Poisoning Schema Poisoning CAPEC-383: Harvesting Information via API Event Monitoring Harvesting Information via API Event Monitoring CAPEC-384: Application API Message Manipulation via Man-in-the-Middle Application API Message Manipulation via Man-in-the-Middle CAPEC-386: Application API Navigation Remapping Application API Navigation Remapping CAPEC-466: Leveraging Active Adversary in the Middle Attacks to Bypass Same Origin Policy Leveraging Active Adversary in the Middle Attacks to Bypass Same Origin Policy CAPEC-662: Adversary in the Browser (AiTB) Adversary in the Browser (AiTB) CAPEC-668: Key Negotiation of Bluetooth Attack (KNOB) Key Negotiation of Bluetooth Attack (KNOB) CAPEC-697: DHCP Spoofing DHCP Spoofing CAPEC-701: Browser in the Middle (BiTM) Browser in the Middle (BiTM)
Prerequisites

This table shows the other attack patterns and high level categories that are related to this attack pattern.

  • There are two components communicating with each other.
  • An attacker is able to identify the nature and mechanism of communication between the two target components.
  • An attacker can eavesdrop on the communication between the target components.
  • Strong mutual authentication is not used between the two target components yielding opportunity for attacker interposition.
  • The communication occurs in clear (not encrypted) or with insufficient and spoofable encryption.
Skills required

This table shows the other attack patterns and high level categories that are related to this attack pattern.

  • Medium This attack can get sophisticated since the attack may use cryptography.
Taxonomy mappings

Mappings to ATT&CK, OWASP and other frameworks.

ATTACK | Adversary-in-the-Middle OWASP Attacks | Man-in-the-middle attack
Related CWE

A Related Weakness relationship associates a weakness with this attack pattern. Each association implies a weakness that must exist for a given attack to be successful.

CWE-287: Improper Authentication

CWE-290: Authentication Bypass by Spoofing

CWE-294: Authentication Bypass by Capture-replay

CWE-300: Channel Accessible by Non-Endpoint

CWE-593: Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created

Visit http://capec.mitre.org/ for more details.