Misbehaviour ClientImpersonation

URI: ClientImpersonation

Description: The authentication credentials of a client accessing a service are no longer secure and reliable, i.e. the client could can be impersonated to the service. This does not necessarily mean an attacker can access the service, only that they have access to client credentials.

This misbehaviour affects the trustworthiness attribute ClientAuthenticity

AuthChannel

Represents a trust relationship between a Client and a Service. Exists where the two exchange authorization tokens but not necessarily other credentials.

CC.AuC.CACHcLSS.1

Compromised client Client on host CHost used to access Service via LogicalSubnet: if Client is controlled by an attacker when its host CHost is on LogicalSubnet, the attacker can use Client to access Service via a privileged network path, thus acting as a false (impersonated) client.

CC.AuC.CACSSaS.3.2

Spoofed authorization service Service allows impersonation of Client to Process: if service Process redirects clients to service Service for authentication, and sends the client credentials to Service for validation, then if an attacker can impersonate Service to Process can falsely validate fake client credentials. Note that this does not necessarily mean they can access Process as Client, only that the client credentials are compromised. The fake token also does not give the attacker rights to other services used by Process.

CC.AuC.CACSScS.1

Possible access to Process by compromised or impersonated client Client of Service: if service Process redirects clients to service Service for authentication, an attacker able to access Service as Client will be able to obtain credentials from Service allowing them to authenticate to Process as Client. Note that this does not necessarily mean they can access service Process, only that the client credentials are compromised.

CC.AuC.CACSScS.3.1

Possible access to Process as client Client by false client of compromised service Service: if service Process redirects clients to service Service for authentication, and Service is compromised, then attackers may be able to obtain credentials from Service allowing them to authenticate to Process as Client. Note that this does not necessarily mean they can access service Process, only that the client credentials are compromised.

CC.AuC.CACSScS.3.2

Possible access to Process as client Client by interception of credentials by a service imposter: if service Process redirects clients to service Service for authentication, an attacker able to impersonate service Service to Client. Since the attacker would then have access to credentials (even if limited to a single use), they can impersonate Client to Process. Note that this does not necessarily mean they can access service Process, only that the client credentials are compromised.

CC.AuC.CACSScS.3.3

Possible access to Process as client Client by snooping credentials between Client and authenticator Service: if service Process redirects clients to service Service for authentication, an attacker able to snoop the token issued by Service may be able to impersonate Client to Process before Client does the same, even if the credential is limited to a single use. Note that this does not necessarily mean they can access service Process, only that the client credentials are compromised.

CC.AuC.CCC-nS.3.2

Password from client Client captured by imposter of service Service: if an attacker can successfully spoof service Service to client Client, they can capture the password (or other reusable secret) used by Client to access the real service, allowing them to also impersonate the client.

CC.AuC.CCC-nS.3.3

Password snooped between Client and Service: if a communication path used by client Client at service Service is subject to snooping, and the client uses a password (or other reusable secret) to authenticate to the service, the password can be snooped, allowing impersonation of Client to Service.

CC.AuC.CCC-nS-i.1

Unauthenticated access as client Client to service Service: if an attacker has network access from the direction of Client to service Service, they can send a connection request to service Service, and if not authenticated, impersonate Client.

CC.AuC.CCCvsCC-nS.1

Unauthenticated access as client Client to service Service: if an attacker has network access between Client or Service and any intermediaries through which they communicate, they can inject a connection request through to service Service, and if not authenticated, impersonate Client.

CC.AuC.HuDFTCS.3

Unauthentic flow of data Data from FlowsFrom directs Client to a fake service impersonating Service: an attacker who provides malicious input to client Client via FlowsFrom (e.g. via phishing), can induce the client to access a fake version of service Service, a one-off deception that may allow subsequent impersonation of the client through capture of its password.

CC.AuC.HuDSTCS.3

Unauthentic stored input Data directs Client to a fake service impersonating Service: an attacker who provides malicious input to client Client by tampering with stored input Data, can induce the client to access a fake version of service Service, a one-off deception that may allow subsequent impersonation of the client through capture of its password.

CC.AuC.HuiHCCC-nS.3.3

Shoulder surfing password for Client at Service from Host in Space: if user Human enters a password to client Client to access service Service when the client is running on host Host in insecure space Space, then an attacker could obtain the password by shoulder surfing.

CC.AuC.HuiHrCCC-nS.3.3

Shoulder surfing password for Client at Service from Host in Space: if user Human enters a password to client Client to access service Service when accessing the client via remote access from host Host in insecure space Space, then an attacker could obtain the password by shoulder surfing.

CC.AuC.HumCCC-nS.3

Credential stuffing to find password used by Human to access Service from Client: this threat applies where a human user of client Client uses a weak password which can guessed or found by brute force attack and used by an attacker to access Service as the client.

CC.AuC.CACHLSS.2

Client Client on stolen host CHost used to access Service via LogicalSubnet: if an attacker in possession of stolen device CHost can control the installed client Client when CHost is connected to LogicalSubnet, the attacker can use Client to access Service using a privileged network path, thus acting as a false (impersonated) client.

CC.AuC.DFrXSS.3

Reflected XSS exploit on Client via Service injected via client input Data from FlowsFrom: an attacker who can inject malicious content into input Data flowing to Client from FlowsFrom can exploit a bug in Service to send a harmful script to the client browser. We assume this will make the browser leak authentication credentials, such as a password or session key.

CC.AuC.DFsXSS.3

Stored XSS exploit against Client by Service injected via input Data from FlowsFrom: an attacker who can inject malicious content into input Data flowing to Service from FlowsFrom can exploit a bug in Service, and send a harmful script to a trusting client browser Client. We assume this will make the browser leak authentication credentials, such as a password or session key.

CC.AuC.DSrXSS.3

Reflected XSS exploit on Client from Service injected via locally stored client input Data: an attacker who can inject malicious content into locally stored input Data used by Client can exploit a bug in Service and send a harmful script to the client browser. We assume this will make the browser leak authentication credentials, such as a password or session key.

CC.AuC.DSsXSS.3

Stored XSS exploit from Service against Client: an attacker who can inject malicious content into service input Data stored on SHost can exploit a bug in Service, and send a harmful script to a trusting client browser Client. We assume this will make the browser leak authentication credentials, such as a password or session key.

(empty)

CC.AX.CCCS.6.2

Disabling access by impersonated client Client to Service affects availability: access by client Client to service Service may be disabled to prevent access by an impersonated client, but this affects the availability of client-service connections.

CC.R.CACvsCCS.1

Authenticated access as Client to service Service: anyone who has access to Service and can authenticate as Client can gain authenticated access to Service as Client.

CC.R.CCCS-i.1

P.V.CCCSACvLS.2

Adjacent authenticated exploit as Client on service Service from LogicalSubnet: an attacker able to authenticate as client Client and access Service via an adjacent subnet LogicalSubnet used by Client can send a message with malicious content that, after authentication, can exploit a bug in Service.

P.V.CCCS-iAC.2

Remote authenticated exploit as Client on service Service: an attacker able to authenticate as client Client and access Service from a direction used by Client can send a message with malicious content that, after authentication, can exploit a bug in Service.