CAPEC-216

Meta Abstraction Level
Meta — Very abstract, high-level category
Standard — Specific enough to understand
Detailed — Tied to specific technique
Stable MITRE CAPEC Status
Stable — Fully reviewed and complete
Draft — Under development
Incomplete — Partially defined
Deprecated — No longer recommended
Obsolete — Replaced by another CAPEC
Communication Channel Manipulation

Description

An adversary manipulates a setting or parameter on communications channel in order to compromise its security. This can result in information exposure, insertion/removal of information from the communications stream, and/or potentially system compromise.

Prerequisites

The target application must leverage an open communications channel.

The channel on which the target communicates must be vulnerable to interception (e.g., adversary in the middle attack - CAPEC-94).

Mitigations

Encrypt all sensitive communications using properly-configured cryptography.

Design the communication system such that it associates proper authentication/authorization with each channel/message.