Threat CC.AX.CACSScS.0

URI: CC.AX.CACSScS.0

Description: Client Client unable to authenticate with Service to access service Process: the service Process requires that clients authenticate with a separate service Service, which is inaccessible to client Client.

Threat Type: Secondary Threat

Matching Pattern:

MP-CACSScS

Finds a channel between a client and a service, where authentication on this channel is controlled by authentication on another channel from the same client to a second service, along with the hosts of the client and the second service, plus optionally the client user and the managers of the second service and its host.

CC.AX.CCCmSCS.0

Communication failure between Client and Service: if there are no available network paths between client Client and service Service, Client will be unable to connect to Service.

CC.AX.CCC-nmCCS.6.1.5

Client Client unable to authenticate via a trusted key pair with Service: the service Service requires that client connections are authenticated using an asymmetric cryptographic challenge against an X509 (or otherwise trusted) key pair, but here access is via a reverse proxy so there is no direct TLS connection.

CC.AX.CCC-nmSCS.6.1.5

CC.AX.CCC-nS.6.1.1

Client Client unable to authenticate via password with Service: the service Service requires that clients authenticate using a password, but this is not available to client Client.

CC.AX.CCC-nS.6.1.3

Client Client unable to use 2-factor authentication to access service Service: if service Service requires clients to authenticate using a second factor (e.g. a one time key or out of band key exchange), but this is not available to Client then access will be impossible.

CC.AX.CCCS.1.3

Compromised service Service prevents access by Client: if service Service is compromised then the attacker can prevent Client from authenticating with the service.

CC.AX.CCCS.6.1

Disabled access by client Client to Service: access by client Client to service Service has been disabled to prevent communication threats. However, this also causes a loss of accessibility of the service from that client.

CC.AX.CCCS.6.2

Disabling access by impersonated client Client to Service affects availability: access by client Client to service Service may be disabled to prevent access by an impersonated client, but this affects the availability of client-service connections.

CC.AX.CCCS.6.3

Disabling access by untrustworthy client Client to Service affects availability: access by client Client to service Service may be disabled to prevent access by a malicious or compromised client, but this affects the availability of client-service connections.

CC.AX.CCCvCCS.0

Access by Client to Service blocked between ProxyClient and Proxy: if Client is accessing Service via a proxy, then a comms failure to or from the proxy also causes an end-to-end comms failure between Client and Service.

CC.AX.CCDFSFS.6.4

Disabling excessive access by client Client to Service affects availability: access by client Client to service Service may be disabled to prevent excessive amounts of data being requested from the service, but this affects the availability of client-service connections.

CC.AX.CCDFSTS.6.4

Disabling excessive access by client Client to Service affects availability: access by client Client to service Service may be disabled to prevent excessive amounts of data being sent to the service, but this affects the availability of client-service connections.

CC.AX.HuCCC-nS.6.1.2

User Human of client Client forgot the password to authenticate with Service: the service Service requires that clients authenticate using a strong password, but the user Human cannot remember the password.

CC.AX.HuCCC-nS.6.1.7

Continuous authN false negative at Client prevents access to Service: the service Service requires that clients use continuous authentication to verify the identity of the user Human, and this is in place but produces a false negative result.

(empty)

LossOfAccessibility at Role_AuthChannel