Threat CC.AuC.CCC-nS.3.3

URI: CC.AuC.CCC-nS.3.3

Package: ProcessComms


Description: Password snooped between Client and Service: if a communication path used by client Client at service Service is subject to snooping, and the client uses a password (or other reusable secret) to authenticate to the service, the password can be snooped, allowing impersonation of Client to Service.

Threat Type: Primary Threat

Matching Pattern:

CC.AuC.CCC-nS.3.3
MP-CCC-nS

Finds a Client that is not sharing or forwarding credentials, with access to a Service that does not use a separate authenticator, the ClientChannel between them, the Client and Service hosts and optionally the Client user and Service manager.

CSG-ClientOneTimeKeyAuthentication

Access to service Service is controlled by authenticating authorised users using a one-time key created using a client-side authentication device provided to them.

CSG-ClientOutOfBandKeyAuthentication

Access to service Service is controlled by authenticating authorised users using a password and a separate key sent to them via a separate (out-of-band) means.