Threat CC.AuC.HuDSTCS.3

URI: CC.AuC.HuDSTCS.3

Description: Unauthentic stored input Data directs Client to a fake service impersonating Service: an attacker who provides malicious input to client Client by tampering with stored input Data, can induce the client to access a fake version of service Service, a one-off deception that may allow subsequent impersonation of the client through capture of its password.

Threat Type: Primary Threat

Matching Pattern:

MP-HuDSTCS

Finds a Human using a Web Browser that accesses via at least one IP subnet a Service that does not use a separate authenticator service, where the browser consumes a locally stored data input viewed but not updated by the user, plus the data access and client channel assets associated with the data use and client-service commnication.

(empty)

CSG-ClientUserPasswordAccess

ClientImpersonation at Role_ClientChannel

CSG-ClientOneTimeKeyAuthentication	Access to service *Service* is controlled, by authenticating authorised users using a one time key created using a client-side authentication device provided to them.
CSG-ClientOutOfBandKeyAuthentication	Access to service *Service* is controlled, by authenticating authorised users using a password and a separate key sent to them via a separate (out of band) means.

Threat CC.AuC.HuDSTCS.3

MP-HuDSTCS

Triggered by Threat (0)

Triggers Secondary Threats (0)

Triggered By Control Strategy (1)

Misbehaviour Sets (1)

Control Strategies (2)