An adversary manipulates a setting or parameter on communications channel in order to compromise its security. This can result in information exposure, insertion/removal of information from the communications stream, and/or potentially system compromise.
|
|
| ID | CAPEC-216 |
| Latest Sync Date | 11/05/25 15:15:38 |
| Original ID | 216 |
| Abstraction | Meta |
| Status | Stable |
| Alternate Terms | |
| Likelihood Of Attack | |
| Typical Severity | |
| Related Attack Patterns | ::NATURE:CanPrecede:CAPEC ID:94:: |
| Execution Flow | |
| Prerequisites | ::The target application must leverage an open communications channel.::The channel on which the target communicates must be vulnerable to interception (e.g., adversary in the middle attack - CAPEC-94).:: |
| Skills Required | |
| Resources Required | ::A tool that is capable of viewing network traffic and generating custom inputs to be used in the attack.:: |
| Indicators | |
| Consequences | ::SCOPE:Integrity:TECHNICAL IMPACT:Read Data:TECHNICAL IMPACT:Modify Data:TECHNICAL IMPACT:Other:NOTE:The adversary's injection of additional content into a communication channel negatively impacts the integrity of that channel.::SCOPE:Confidentiality:TECHNICAL IMPACT:Read Data:NOTE:A successful Communication Channel Manipulation attack can result in sensitive information exposure to the adversary, thereby compromising the communication channel's confidentiality.:: |
| Mitigations | ::Encrypt all sensitive communications using properly-configured cryptography.::Design the communication system such that it associates proper authentication/authorization with each channel/message.:: |
| Example Instances | |
| Related Weaknesses | ::306:: |
| Taxonomy Mappings | |
| Notes | |