Threat CC.AuC.CACSSaS.3.2

URI: CC.AuC.CACSSaS.3.2

Package: ProcessComms


Description: Spoofed authorization service Service allows impersonation of Client to Process: if service Process redirects clients to service Service for authentication and sends the client credentials to Service for validation, then an attacker who can impersonate Service to Process can falsely validate fake client credentials. Note that this does not necessarily mean the attacker can access Process as Client, only that the client credentials are compromised. The fake token also does not give the attacker rights to other services used by Process.

Threat Type: Primary Threat

Matching Pattern:

CC.AuC.CACSSaS.3.2
MP-CACSSaS

Finds a channel between a client and a service used to pass authorization tokens, and a second channel from the service to another service used to validate those tokens, along with the hosts of the client and the second service, plus optionally the client user and the managers of the second service and its host.
