Threat CC.AuC.CCC-nS-i.1

URI: CC.AuC.CCC-nS-i.1

Package: ProcessComms

Description: Unauthenticated access as client Client to service Service: if an attacker has network access from the direction of Client to service Service, they can send a connection request to service Service and, if the request is not authenticated, impersonate Client.

Threat Type: Primary Threat

Matching Pattern:

CC.AuC.CCC-nS-i.1
MP-CCC-nS-i

Finds a Client and Service where the Service is responsible for authenticating the Client, the ClientChannel between them (which must be a direct connection), the Client and Service hosts, and optionally the Client user and Service manager.

CSG-ClientOneTimeKeyAuthentication

Access to service Service is controlled by authenticating authorised users using a one-time key created using a client-side authentication device provided to them.

CSG-ClientOutOfBandKeyAuthentication

Access to service Service is controlled by authenticating authorised users using a password and a separate key sent to them via a separate (out-of-band) means.

CSG-ClientPasswordAuthentication

The service Service controls access by requiring users to authenticate with a password.

CSG-ClientX509Authentication

Access to service Service is controlled by authenticating authorised users during the TLS connection against a known public key registered via a trustworthy means such as X.509.