| Exploiting Trust in Client (aka Make the Client Invisible) | |
|---|---|
| Attack Pattern ID | 22 |
| Pattern Abstraction | Meta |
| Typical Severity | High |
| Description | Summary: An attack of this type exploits a program's vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more precisely, in whatever the server believes to be the client. |
| Attack Prerequisites | Server software must rely on client-side formatted and validated values, and not enforce these checks again on the server side. |
| Typical Likelihood of Exploit | High |
| Methods of Attack | |
| Examples-Instances | (1) Web applications may use JavaScript to perform client-side validation, request encoding/formatting, and other security functions, which provides some usability benefits and eliminates some client-server round-tripping. However, the web server cannot assume that the requests it receives have been subject to those validations, because an attacker can use an alternate method for crafting the HTTP request and submit data that contains poisoned values designed to spoof a user and/or get the web server to disclose information. (2) Web 2.0 style applications may be particularly vulnerable because they rely in large part on existing infrastructure that provides scalability without the ability to govern the clients. Attackers identify vulnerabilities that either assume the client side is responsible for some security services (without the requisite ability to ensure enforcement of these checks) and/or stem from the lack of a hardened, default-deny server configuration, which lets an attacker probe for weaknesses in unexpected ways. Client-side validation, request formatting and other services may be performed, but these are strictly usability enhancements, not security enhancements. (3) Many web applications use client-side scripting like JavaScript to enforce authentication, authorization, session state and other variables, but at the end of the day they all make requests to the server. These client-side checks may provide usability and performance gains, but they lack integrity in terms of the HTTP request. It is possible for an attacker to post variables directly to the server without using any of the client-script security checks and to customize the patterns to impersonate other users or probe for more information. (4) Many message-oriented middleware systems like MQ Series rely on information passed along with the message request for making authorization decisions, for example which group or role the request should be processed under. However, if the message server does not or cannot authenticate the authorization information in the request, then the server's policy decisions about authorization are trivial to subvert, because the client process can simply elevate privilege by passing in elevated group or role information which the message server accepts and acts on. |
| Attacker Skill or Knowledge Required | Medium: The attacker must have fairly detailed knowledge of the syntax and semantics of client/server communication protocols and grammars. |
| Resources Required | Ability to communicate synchronously or asynchronously with the server. |
| Solutions and Mitigations | Design: Ensure that the client process and/or message is authenticated so that anonymous communications and/or messages are not accepted by the system. Design: Do not rely on client validation or encoding for security purposes. Design: Utilize digital signatures to increase authentication assurance. Design: Utilize two-factor authentication to increase authentication assurance. Implementation: Perform input validation for all remote content. |
| Attack Motivation- | |
| Context Description | "Attack Pattern: Make the Client Invisible |
| Related Weaknesses | |
| Purpose | Penetration |
| CIA Impact | |
| Technical Context | |
| References | G. Hoglund and G. McGraw. Exploiting Software: How to Break Code. Addison-Wesley, February 2004. |
| Source | |
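The following is an added example, not part of the CAPEC entry, that puts the web-form case and the message-broker case of CAPEC-22 side by side: a handler that trusts the client's JavaScript range check and the role field carried in the message, next to a hardened handler that authenticates the message, re-validates the amount and derives the role from server-side state. Everything in it is constructed for illustration: the key, the role store, the transfer limit, the request dicts and the function names are hypothetical, and an HMAC stands in for the digital signature the mitigations recommend.

```python
import hashlib
import hmac

# Hypothetical server-side state (constructed for this example, not from CAPEC).
SERVER_KEY = b"server-only-secret-key"          # never shipped to the client
TRANSFER_LIMIT = 1000                            # the rule the JavaScript form "enforces"
ROLE_STORE = {"alice": "user", "bob": "admin"}   # authoritative role mapping


def vulnerable_transfer(msg):
    """Trusts the client. Assumes the browser-side script already checked the
    amount, and believes whatever role the message carries (the MQ case)."""
    if msg.get("role") != "admin":
        return "denied"
    return f"transferred {msg['amount']}"


def issue_token(user, key=SERVER_KEY):
    """Server mints an authenticator for a logged-in user. An HMAC stands in for
    the digital signature CAPEC-22 recommends; the client cannot forge it because
    it never holds SERVER_KEY."""
    return hmac.new(key, user.encode(), hashlib.sha256).hexdigest()


def hardened_transfer(msg, key=SERVER_KEY):
    """Re-derives every security-relevant value on the server side."""
    user = msg.get("user", "")
    token = msg.get("token", "")
    # 1. Authenticate the message: anonymous or forged requests are rejected.
    if not hmac.compare_digest(issue_token(user, key), token):
        return "denied: unauthenticated"
    # 2. Re-validate what the client claims to have validated (type and range).
    amount = msg.get("amount")
    if isinstance(amount, bool) or not isinstance(amount, int):
        return "denied: invalid amount"
    if not 0 < amount <= TRANSFER_LIMIT:
        return "denied: invalid amount"
    # 3. Authorize from server-side state; any role field in the message is ignored.
    if ROLE_STORE.get(user) != "admin":
        return "denied"
    return f"transferred {amount}"


# Constructed requests: what the honest form sends, and what an attacker sends
# after bypassing the JavaScript with a hand-built HTTP request or message.
HONEST_REQUEST = {"user": "bob", "token": issue_token("bob"), "amount": 500}
FORGED_REQUESTS = [
    {"user": "alice", "role": "admin", "amount": 999999},   # claims admin, skips the limit
    {"user": "alice", "role": "admin", "amount": -50},      # negative amount the form blocks
    {"user": "alice", "token": issue_token("alice"), "role": "admin", "amount": 500},
]


def demo():
    """Runs the forged and honest requests through both handlers."""
    return {
        "vulnerable": [vulnerable_transfer(m) for m in FORGED_REQUESTS],
        "hardened": [hardened_transfer(m) for m in FORGED_REQUESTS],
        "honest": hardened_transfer(HONEST_REQUEST),
    }


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(label, outcome)
```

The third forged request is the interesting one: the attacker is a legitimately authenticated low-privilege user who simply edits the role field, which is exactly the MQ Series scenario. The hardened handler never consults that field, so the only thing the client can influence is the amount, and that is range-checked again on the server.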
| Software Integrity Attacks | |
|---|---|
| Attack Pattern ID | 184 |
| Pattern Abstraction | Meta |
| Typical Severity | Low |
| Description | Summary: An attacker initiates a series of events designed to cause a user, program, server, or device |
| Attacker Skill or Knowledge Required | Manual or user-assisted attacks require deceptive mechanisms to trick the user into clicking a link or downloading and installing software. Automated update attacks require the attacker to host a payload and then trigger the installation of the payload code. |
| Resources Required | Software integrity attacks are usually a late-stage focus of attack activity which depends upon the success of a chain of prior events. The resources required to perform the attack vary with |
| Related Weaknesses | |
| Malicious Software Download | |
|---|---|
| Attack Pattern ID | 185 |
| Pattern Abstraction | Meta |
| Typical Severity | Very High |
| Description | Summary: An attacker uses deceptive methods to cause a user or an automated process to download and install dangerous code that originates from an attacker-controlled source. There are several variations to this strategy of attack. |
| Related Weaknesses | |
| Related Attack Patterns | |
| Reverse Engineering | |
|---|---|
| Attack Pattern ID | 188 |
| Pattern Abstraction | Meta |
| Typical Severity | Low |
| Description | Summary: An attacker discovers the structure, function, and composition of an object, resource, or system |
| Resources Required | Access to or control of an object, resource, or system to be analyzed. The technical resources required to engage in reverse engineering differ in accordance with the |
| Related Weaknesses | |
| References | http://en.wikipedia.org/wik |
| Software Reverse Engineering | |
|---|---|
| Attack Pattern ID | 189 |
| Pattern Abstraction | Meta |
| Typical Severity | Low |
| Description | Summary: An attacker discovers the structure, function, and composition of a type of computer software |
| Resources Required | Reverse engineering of software requires varying tools and methods depending upon whether an executable or other compiled object is present directly for analysis by tools capable of decompiling or monitoring its execution within an operating environment, as in the case of white-box methods. Black-box methods require at minimum the ability to interact with the functional boundaries where the software communicates with a larger processing environment, such as inter-process communication on a host operating system, or via networking protocols. |
| Related Weaknesses | |
| Related Attack Patterns | |