Threat P.L.SPNaLnS.1

URI: P.L.SPNaLnS.1

Description: Remote access to login service Service via reverse proxy Client: a malicious user or an attacker who can authenticate with reverse proxy Client can send messages via Client to a back-end login service Service, gaining access to its rights on device SHost.

Threat Type: Primary Threat

Matching Pattern:

MP-SPNaLnS

Finds a host running a remote access service accessed by a reverse proxy, plus the associated client channel, the location and network contexts in which this can happen, and optionally the managers of the client proxy, service and service host.

(empty)

P.L.HPmAC.0

Access to the rights of Process by unauthorized agents in all contexts : if untrustworthy actors gain access to Host with the rights of Process, the best case trustworthiness of its users in any context is degraded.

P.L.HPsAC.0

Access to the rights of Process by unauthorized agents in any context: if an untrustworthy actor gains access to Host with the rights of Process in any context, the worst case trustworthiness of its users in any context is degraded.

(empty)

LocalLossOfUserTW at Role_ProcAccess

CSG-RestrictedRemoteAccess

Remote access service Service runs a restricted shell on SHost, such that remote users cannot gain full access to the host, and can only run specific application processes on SHost (those controlled by Service).

Threat P.L.SPNaLnS.1

MP-SPNaLnS

Triggered by Threat (0)

Triggers Secondary Threats (2)

P.L.HPmAC.0

P.L.HPsAC.0

Triggered By Control Strategy (0)

Misbehaviour Sets (1)

Control Strategies (1)