An attacker removes or disables functionality on the client that the
server assumes to be present and trustworthy. Client applications may
include functionality that a server relies on for correct and secure
operation. This functionality can include, but is not limited to, filters to
prevent the sending of dangerous content to the server, logical
functionality such as price calculations, and authentication logic to ensure
that only authorized users are utilizing the client. If an attacker can
disable this functionality on the client, they can perform actions that the
server believes are prohibited. This can result in client behavior that
violates the server's assumptions, leading to a variety of possible attacks.
In the above examples, this could include the sending of dangerous content
(such as scripts) to the server, incorrect price calculations, or
unauthorized access to server resources.
Attack Prerequisites
The targeted server must assume the client performs important actions to
protect the server or the server functionality. For example, the server may
assume the client filters outbound traffic or that the client performs all
price calculations correctly. Moreover, the server must fail to detect when
these assumptions are violated by a client.
Resources Required
The attacker must have access to a client and be able to modify the client
behavior, often through reverse engineering. If the server is assuming specific
client functionality, this usually means the server only recognizes a specific
client application, rather than a broad class of client applications. Reverse
engineering tools would likely be necessary.
The server for 53KF Web IM 2009 Home, Professional, and Enterprise
editions relies on client-side protection mechanisms against cross-site
scripting (XSS), which allows remote attackers to conduct XSS attacks by
using a modified client to send a crafted IM message, related to the msg
variable.
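The two failure modes the description names (a bypassed outbound content filter and bypassed price logic), as an added example that is not code from the CAPEC entry or from 53KF Web IM: a server-side order handler that trusts the client beside one that recomputes and cross-checks everything itself. The catalogue, order fields and prices are constructed for illustration.

```python
"""Added example, not part of the CAPEC entry: a server-side order handler
that trusts client-side functionality beside one that re-derives every
security-relevant value itself. The order format, catalogue and prices are
constructed for illustration."""
import html

# Constructed catalogue: the authoritative price list lives on the server.
CATALOGUE = {"widget": 1999, "gadget": 4995}  # prices in cents

# Constructed request from a modified client: it skipped the price logic and
# the outbound content filter that the genuine client would have applied.
TAMPERED_ORDER = {
    "items": {"widget": 2},
    "total": 1,
    "note": "<script>alert(1)</script>",
}

# Constructed request from an unmodified client, for comparison.
HONEST_ORDER = {"items": {"widget": 2}, "total": 3998, "note": "gift wrap"}


def trusting_handler(order):
    """Vulnerable pattern: the server assumes the client computed the total
    and filtered the note, so whatever the client sends is accepted."""
    return {"charged": order["total"], "note": order["note"]}


def validating_handler(order):
    """Hardened pattern: the server recomputes the total from its own
    catalogue, encodes the note itself, and treats a disagreeing client
    total as evidence of a tampered client rather than as input."""
    total = 0
    for sku, qty in order.get("items", {}).items():
        if sku not in CATALOGUE or not isinstance(qty, int) or qty <= 0:
            raise ValueError(f"rejected line item {sku!r}: {qty!r}")
        total += CATALOGUE[sku] * qty
    # The client's total is at most a cross-check; a mismatch is the signal
    # the server needs in order to detect that its assumptions were violated.
    tamper_suspected = order.get("total") != total
    return {
        "charged": total,
        "note": html.escape(order.get("note", ""), quote=True),
        "tamper_suspected": tamper_suspected,
    }


if __name__ == "__main__":
    print("trusting  :", trusting_handler(TAMPERED_ORDER))
    print("validating:", validating_handler(TAMPERED_ORDER))
```

The `tamper_suspected` flag is what the "Attack Prerequisites" section says a vulnerable server lacks: a server-side check that notices when a client has stopped doing the work it was assumed to do.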
Copyright 2009, The MITRE Corporation. CAPEC and the CAPEC logo are trademarks of The MITRE Corporation.