Threat CC.AuC.CCCvsCC-nS.1

URI: CC.AuC.CCCvsCC-nS.1

Package: ProcessComms

Description: Unauthenticated access as client Client to service Service: if an attacker has network access between Client or Service and any intermediaries through which they communicate, they can inject a connection request through to service Service and, if it is not authenticated, impersonate Client.

Threat Type: Primary Threat

Matching Pattern:

CC.AuC.CCCvsCC-nS.1
MP-CCCvsCC-nS

Finds a Client accessing a Service via intermediaries, where the Service is responsible for client authentication, along with the Client Channel between the Client and Service and the related channels via intermediaries (any of which can cause a threat), plus the client and service hosts and, optionally, the service manager and interactive client user.

CSG-ClientOneTimeKeyAuthentication

Access to service Service is controlled by authenticating authorised users using a one-time key created using a client-side authentication device provided to them.

CSG-ClientOutOfBandKeyAuthentication

Access to service Service is controlled by authenticating authorised users using a password and a separate key sent to them via a separate (out-of-band) means.

CSG-ClientPasswordAuthentication

The service Service controls access by requiring users to authenticate with a password.

CSG-ClientX509Authentication

Access to service Service is controlled by authenticating authorised users during the TLS connection against a known public key registered via a trustworthy means such as X.509.