Threat CC.AX.CCC-nmSCS.6.1.5

URI: CC.AX.CCC-nmSCS.6.1.5

Package: ProcessComms

< prev | next >

Description: Client Client unable to authenticate via a trusted key pair with Service: the service Service requires that client connections are authenticated using an asymmetric cryptographic challenge against an X509 (or otherwise trusted) key pair, but this is not enabled at Client.

Threat Type: Primary Threat

Matching Pattern:

CC.AX.CCC-nmSCS.6.1.5
MP-CCC-nmSCS

Finds a Client accessing and authenticating directly with a Service, the Client Channel between them and all associated Service Channels (of which there must be at least one), plus the client and service hosts and optionally the service manager and client user.

        (empty)

CC.AX.CCC-nmSCS.6.1.5
CC.AX.CACSSaS.0

Client Client unable to access service Process because Process cannot access authorization service Service: the service Process requires that clients authenticate with a separate service Service, but Process cannot access Service to exchange the client token issued by Service for an access token granting rights at Process.
CC.AX.CCC-nmSCS.6.1.5
CC.AX.CACSScS.0

Client Client unable to authenticate with Service to access service Process: the service Process requires that clients authenticate with a separate service Service, which is inaccessible to client Client.
CC.AX.CCC-nmSCS.6.1.5
DF.A.CC-iDFCS.0

Flow of data Data from FlowsFrom to FlowsTo interrupted because Client cannot access Service: if client Client cannot access service Service, the end to end flow of data Data from FlowsFrom to FlowsTo that uses this client-service connection will be interrupted.
CC.AX.CCC-nmSCS.6.1.5
DF.A.CC-iDFSC.0

Flow of data Data from FlowsFrom to FlowsTo interrupted because Client cannot access Service: if client Client cannot access service Service, the end to end flow of data Data from FlowsFrom to FlowsTo that uses this client-service connection will be interrupted.
CC.AX.CCC-nmSCS.6.1.5
I.A.HLSISC.6.4

Authentication failure for device CHost at Service prevents connection to LogicalSubnet: the device CHost cannot connect to LogicalSubnet because it cannot authenticate with the authenticator service Service controlling access to the network.
CC.AX.CCC-nmSCS.6.1.5
P.A.HuirRACSPH.0

Loss of connectivity from Client to Service affects Process: because user Human interacts with Process via remote access client Client and the shell on SHost, if Client cannot connect to remote access service Service on SHost, Human will be unable to interact with Process which will be rendered non-operational.

CSG-X509CertificationOfClient

Access to a service requires authentication using an asymmetric cryptographic challenge during a TLS connection establishment by Client, based on an X509 or other trusted public key belonging to the authorised user.

CSG-X509CertificationOfHost

Access to a service requires authentication using an asymmetric cryptographic challenge during a TLS connection establishment by Client, based on an X509 or other trusted public key belonging to the authorised user. Here the client Client is acting as a proxy for its host device, so the key is actually installed on CHost.