Individual CAPEC Dictionary Definition (Release 1.1)
| Choosing a Message/Channel Identifier on a Public/Multicast Channel | |
|---|---|
| Attack Pattern ID | 12 |
| Pattern Abstraction | Standard |
| Typical Severity | High |
| Description | Summary: Attackers aware that more data is being fed into a multicast or public information distribution means can 'select' information bound only for another client, even if the distribution means itself forces users to authenticate in order to connect initially. Attack Execution Flow: |
| Attack Prerequisites | Information and client-sensitive (and client-specific) data must be present through a distribution channel available to all users. The distribution means must encode (through channel, message identifiers, or convention) the message destination in a manner visible within the distribution means itself (such as a control channel) or in the messages themselves. |
| Typical Likelihood of Exploit | Very High |
| Examples-Instances | Description: |
| Attacker Skill or Knowledge Required | Low: All the attacker needs to discover is the format of the messages on the channel/distribution means and the particular identifier used within the messages. |
| Resources Required | The attacker needs the ability to control the source code or application configuration responsible for selecting which message/channel ID is absorbed from the public distribution means. |
| Probing Techniques | Assisted protocol analysis: because the protocol under attack is a public channel, or one to which the attacker likely has authorized access, they need simply to decode the aspect of channel or message interpretation that encodes message identifiers. Probing is as simple as changing this value and watching its effect. |
| Solutions and Mitigations | Associate some ACL (in the form of a token) with an authenticated user, which they provide to the middleware. The middleware uses this token as part of its channel/message selection for that client, or as part of a discerning authorization decision for privileged channels/messages. The purpose is to architect the system in a way that associates proper authentication/authorization with each channel/message. Rearchitect system input/output channels as appropriate to distribute self-protecting data. That is, encrypt (or otherwise protect) channels/messages so that only authorized readers can see them. |
| Attack Motivation-Consequences | |
| Context Description | This pattern applies in circumstances in which publicly accessible distribution means encode (through channel, message identifiers, or convention) client-specific subscription information about the messages being distributed. Commonly, this will happen over message-oriented middleware buses, multicast channels, or feeds. |
| Related Weaknesses | |
| Related Attack Patterns | |
| Related Security Principles | |
| Related Guidelines | |
| Purpose | Penetration |
| CIA Impact | |
| Technical Context | |
| Source | |
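The mitigation described under "Solutions and Mitigations" (bind channel/message selection to an authenticated user's token and ACL rather than to a client-chosen identifier), as an added illustration that is not part of the CAPEC entry. The bus, ACL contents, user names and channel names are constructed for the example; `receive_unchecked` shows the weak pattern the entry describes and `receive` the token-bound selection.

```python
import secrets
from dataclasses import dataclass, field


@dataclass
class Message:
    channel: str  # destination identifier visible in the message itself
    body: str


@dataclass
class Bus:
    """Minimal message bus. `acl` is a constructed sample mapping of
    authenticated user -> set of channels that user may read."""
    acl: dict
    messages: list = field(default_factory=list)
    tokens: dict = field(default_factory=dict)   # opaque token -> user
    denied: list = field(default_factory=list)   # audit trail of refused selections

    def login(self, user: str) -> str:
        # Assumes authentication already succeeded; issue an opaque session token
        # that the middleware, not the client, maps back to an identity.
        token = secrets.token_hex(16)
        self.tokens[token] = user
        return token

    def publish(self, channel: str, body: str) -> None:
        self.messages.append(Message(channel, body))

    def receive_unchecked(self, channel: str) -> list:
        """Weak pattern: the client alone chooses which channel id it absorbs."""
        return [m.body for m in self.messages if m.channel == channel]

    def receive(self, token: str, channel: str) -> list:
        """Mitigation: channel selection is checked against the user's ACL;
        refused selections are recorded so they can be alerted on."""
        user = self.tokens.get(token)
        if user is None or channel not in self.acl.get(user, set()):
            self.denied.append((user, channel))
            return []
        return [m.body for m in self.messages if m.channel == channel]


def demo() -> dict:
    bus = Bus(acl={"alice": {"acct-alice"}, "bob": {"acct-bob"}})
    bus.publish("acct-alice", "alice balance: 100")   # constructed sample traffic
    bus.publish("acct-bob", "bob balance: 250")
    bob = bus.login("bob")
    return {
        "unchecked": bus.receive_unchecked("acct-alice"),  # any client can select it
        "checked_own": bus.receive(bob, "acct-bob"),
        "checked_other": bus.receive(bob, "acct-alice"),  # refused and logged
        "denied": bus.denied,
    }
```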