Threat CC.AX.CACSSaS.0

URI: CC.AX.CACSSaS.0

Package: ProcessComms

< prev | next >

Description: Client Client unable to access service Process because Process cannot access authorization service Service: the service Process requires that clients authenticate with a separate service Service, but Process cannot access Service to exchange the client token issued by Service for an access token granting rights at Process.

Threat Type: Secondary Threat

Matching Pattern:

CC.AX.CACSSaS.0
MP-CACSSaS

Finds a channel between a client and a service used to pass authorization tokens, and a second channel from the service to another service used to validate those tokens, along with the hosts of the client and the second service, plus optionally the client user and the managers of the second service and its host.

CC.AX.CACSSaS.0
CC.AX.CCCmSCS.0

Communication failure between Client and Service: if there are no available network paths between client Client and service Service, Client will be unable to connect to Service.
CC.AX.CACSSaS.0
CC.AX.CCC-nmCCS.6.1.5

Client Client unable to authenticate via a trusted key pair with Service: the service Service requires that client connections are authenticated using an asymmetric cryptographic challenge against an X509 (or otherwise trusted) key pair, but here access is via a reverse proxy so there is no direct TLS connection.
CC.AX.CACSSaS.0
CC.AX.CCC-nmSCS.6.1.5

Client Client unable to authenticate via a trusted key pair with Service: the service Service requires that client connections are authenticated using an asymmetric cryptographic challenge against an X509 (or otherwise trusted) key pair, but this is not enabled at Client.
CC.AX.CACSSaS.0
CC.AX.CCC-nS.6.1.1

Client Client unable to authenticate via password with Service: the service Service requires that clients authenticate using a password, but this is not available to client Client.
CC.AX.CACSSaS.0
CC.AX.CCC-nS.6.1.3

Client Client unable to use 2-factor authentication to access service Service: if service Service requires clients to authenticate using a second factor (e.g. a one time key or out of band key exchange), but this is not available to Client then access will be impossible.
CC.AX.CACSSaS.0
CC.AX.CCCS.1.3

Compromised service Service prevents access by Client: if service Service is compromised then the attacker can prevent Client from authenticating with the service.
CC.AX.CACSSaS.0
CC.AX.CCCS.6.1

Disabled access by client Client to Service: access by client Client to service Service has been disabled to prevent communication threats. However, this also causes a loss of accessibility of the service from that client.
CC.AX.CACSSaS.0
CC.AX.CCCS.6.2

Disabling access by impersonated client Client to Service affects availability: access by client Client to service Service may be disabled to prevent access by an impersonated client, but this affects the availability of client-service connections.
CC.AX.CACSSaS.0
CC.AX.CCCS.6.3

Disabling access by untrustworthy client Client to Service affects availability: access by client Client to service Service may be disabled to prevent access by a malicious or compromised client, but this affects the availability of client-service connections.
CC.AX.CACSSaS.0
CC.AX.CCCvCCS.0

Access by Client to Service blocked between ProxyClient and Proxy: if Client is accessing Service via a proxy, then a comms failure to or from the proxy also causes an end-to-end comms failure between Client and Service.
CC.AX.CACSSaS.0
CC.AX.CCDFSFS.6.4

Disabling excessive access by client Client to Service affects availability: access by client Client to service Service may be disabled to prevent excessive amounts of data being requested from the service, but this affects the availability of client-service connections.
CC.AX.CACSSaS.0
CC.AX.CCDFSTS.6.4

Disabling excessive access by client Client to Service affects availability: access by client Client to service Service may be disabled to prevent excessive amounts of data being sent to the service, but this affects the availability of client-service connections.
CC.AX.CACSSaS.0
CC.AX.HuCCC-nS.6.1.2

User Human of client Client forgot the password to authenticate with Service: the service Service requires that clients authenticate using a strong password, but the user Human cannot remember the password.
CC.AX.CACSSaS.0
CC.AX.HuCCC-nS.6.1.7

Continuous authN false negative at Client prevents access to Service: the service Service requires that clients use continuous authentication to verify the identity of the user Human, and this is in place but produces a false negative result.

        (empty)

        (empty)

        (empty)