Threat CC.AuC.CACSScS.3.1

URI: CC.AuC.CACSScS.3.1

Description: Possible access to Process as client Client by false client of compromised service Service: if service Process redirects clients to service Service for authentication, and Service is compromised, then attackers may be able to obtain credentials from Service allowing them to authenticate to Process as Client. Note that this does not necessarily mean they can access service Process, only that the client credentials are compromised.

Threat Type: Primary Threat

Matching Pattern:

MP-CACSScS

Finds a channel between a client and a service, where authentication on this channel is controlled by authentication on another channel from the same client to a second service, along with the hosts of the client and the second service, plus optionally the client user and the managers of the second service and its host.

(empty)

ClientImpersonation at Role_AuthChannel

(empty)

Threat CC.AuC.CACSScS.3.1

MP-CACSScS

Triggered by Threat (0)

Triggers Secondary Threats (0)

Triggered By Control Strategy (0)

Misbehaviour Sets (1)

Control Strategies (0)