ByteOS Network

CAPEC-272:Protocol Manipulation

Attack Pattern ID:272

Version:v3.9

Attack Pattern Name:Protocol Manipulation

Abstraction:Meta

Status:Draft

Typical Severity:Medium

Details Content History Related Weaknesses Reports

▼Description

An adversary subverts a communications protocol to perform an attack. This type of attack can allow an adversary to impersonate others, discover sensitive information, control the outcome of a session, or perform other attacks. This type of attack targets invalid assumptions that may be inherent in implementers of the protocol, incorrect implementations of the protocol, or vulnerabilities in the protocol itself.

▼Relationships

Nature	Type	ID	Name
ParentOf	S	90	Reflection Attack in Authentication Protocol
ParentOf	S	220	Client-Server Protocol Manipulation
ParentOf	S	276	Inter-component Protocol Manipulation
ParentOf	S	277	Data Interchange Protocol Manipulation
ParentOf	S	278	Web Services Protocol Manipulation

Nature: ParentOf

Type: Standard

ID: 90

Name: Reflection Attack in Authentication Protocol

Nature: ParentOf

Type: Standard

ID: 220

Name: Client-Server Protocol Manipulation

Nature: ParentOf

Type: Standard

ID: 276

Name: Inter-component Protocol Manipulation

Nature: ParentOf

Type: Standard

ID: 277

Name: Data Interchange Protocol Manipulation

Nature: ParentOf

Type: Standard

ID: 278

Name: Web Services Protocol Manipulation

▼Prerequisites

The protocol or implementations thereof must contain bugs that an adversary can exploit.

▼Resources Required

In some variants of this attack the adversary must be able to intercept communications using the protocol. This means they need to be able to receive the communications from one participant and prevent the other participant from receiving these communications.