Trustworthiness Attribute ClientAuthenticity

URI: ClientAuthenticity

Package: ProcessComms

< prev | next >

Description: The client accessing the related service has a reliable means of authentication which can be verified by the service. This is not related to the trustworthiness of those able to access the service, only the trustworthiness of those in possession of client credentials.

This attribute is undermined by the misbehaviour ClientImpersonation

Threats (6)

CC.AX.CCCS.6.2

Disabling access by impersonated client Client to Service affects availability: access by client Client to service Service may be disabled to prevent access by an impersonated client, but this affects the availability of client-service connections.

CC.R.CACvsCCS.1

Authenticated access as Client to service Service: anyone who has access to Service and can authenticate as Client can gain authenticated access to Service as Client.

CC.R.CCCS-i.1

Authenticated access as Client to service Service: anyone who has access to Service and can authenticate as Client can gain authenticated access to Service as Client.

P.V.CCCSACvLS.2

Adjacent authenticated exploit as Client on service Service from LogicalSubnet: an attacker able to authenticate as client Client and access Service via an adjacent subnet LogicalSubnet used by Client can send a message with malicious content that, after authentication, can exploit a bug in Service.

P.V.CCCS-iAC.2

Remote authenticated exploit as Client on service Service: an attacker able to authenticate as client Client and access Service from a direction used by Client can send a message with malicious content that, after authentication, can exploit a bug in Service.

P.V.CCCvsCCSAC.2

Remote authenticated exploit as Client on service Service: an attacker able to authenticate as client Client and access Service from a direction used by Client can send a message with malicious content that, after authentication, can exploit a bug in Service.