Threat P.L.SPNaS.3

URI: P.L.SPNaS.3

Description: Remote control of process Service using a back door via proxy Client: a malicious user or an attacker who can send messages via reverse proxy Client to a back-end service Service could access a back door if previously installed in the software, and gain control of Service including its access to its rights on device SHost.

Threat Type: Primary Threat

Matching Pattern:

MP-SPNaS

Finds a host running a service accessed via a reverse proxy, plus the associated client channel, contexts in which the service can be accessed, and optionally the managers of the client proxy, service and service host.

(empty)

P.L.HPmAC.0

Access to the rights of Process by unauthorized agents in all contexts : if untrustworthy actors gain access to Host with the rights of Process, the best case trustworthiness of its users in any context is degraded.

P.L.HPsAC.0

Access to the rights of Process by unauthorized agents in any context: if an untrustworthy actor gains access to Host with the rights of Process in any context, the worst case trustworthiness of its users in any context is degraded.

(empty)

LocalLossOfUserTW at Role_ProcAccess

(empty)

Threat P.L.SPNaS.3

MP-SPNaS

Triggered by Threat (0)

Triggers Secondary Threats (2)

P.L.HPmAC.0

P.L.HPsAC.0

Triggered By Control Strategy (0)

Misbehaviour Sets (1)

Control Strategies (0)