CAPEC Details
Name Create Malicious Client
Likelihood of attack High
Typical severity Medium
Summary An adversary creates a client application to interface with a target service where the client violates assumptions the service makes about clients. Services that have designated client applications (as opposed to services that use general client applications, such as IMAP or POP mail servers which can interact with any IMAP or POP client) may assume that the client will follow specific procedures.
Prerequisites The targeted service must make assumptions about the behavior of the client application that interacts with it, which can be abused by an adversary.
Solutions
Related Weaknesses
CWE ID Description
CWE-602 Client-Side Enforcement of Server-Side Security
Related CAPECS
CAPEC ID Description
CAPEC-22 An attack of this type exploits vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by communicating directly with the server where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.