Channel Accessible by Non-Endpoint ('Man-in-the-Middle')| ID: 300 | Date: (C)2012-05-14 (M)2022-10-10 |
| Type: weakness | Status: DRAFT |
| Abstraction Type: Class |
Description
The product does not adequately verify the identity of actors
at both ends of a communication channel, or does not adequately ensure the
integrity of the channel, in a way that allows the channel to be accessed or
influenced by an actor that is not an endpoint.
Extended DescriptionIn order to establish secure communication between two parties, it is
often important to adequately verify the identity of entities at each end of
the communication channel. Inadequate or inconsistent verification may
result in insufficient or incorrect identification of either communicating
entity. This can have negative consequences such as misplaced trust in the
entity at the other end of the channel. An attacker can leverage this by
interposing between the communicating entities and masquerading as the
original entity. In the absence of sufficient verification of identity, such
an attacker can eavesdrop and potentially modify the communication between
the original entities.
Applicable PlatformsLanguage Class: All
Time Of Introduction
Related Attack Patterns
Common Consequences
| Scope | Technical Impact | Notes |
|---|
| ConfidentialityIntegrityAccess_Control | Read application
dataModify application
dataGain privileges / assume
identity | An attacker could pose as one of the entities and read or possibly
modify the communication. |
Detection MethodsNone
Potential Mitigations
| Phase | Strategy | Description | Effectiveness | Notes |
|---|
| Implementation | | Always fully authenticate both ends of any communications
channel. | | |
| Architecture and Design | | Adhere to the principle of complete mediation. | | |
| Implementation | | A certificate binds an identity to a cryptographic key to authenticate
a communicating party. Often, the certificate takes the encrypted form
of the hash of the identity of the subject, the public key, and
information such as time of issue or expiration using the issuer's
private key. The certificate can be validated by deciphering the
certificate with the issuer's public key. See also X.509 certificate
signature chains and the PGP certification structure. | | |
Relationships
| Related CWE | Type | View | Chain |
|---|
| CWE-300 ChildOf CWE-902 | Category | CWE-888 | |
Demonstrative Examples (Details)
- In the Java snippet below, data is sent over an unencrypted channel
to a remote server. By eavesdropping on the communication channel or posing
as the endpoint, an attacker would be able to read all of the transmitted
data.
White Box Definitions None
Black Box Definitions None
Taxynomy Mappings
| Taxynomy | Id | Name | Fit |
|---|
| PLOVER | | Man-in-the-middle (MITM) | |
| WASC | 32 | Routing Detour | |
| CERT Java Secure Coding | SEC06-J | Do not rely on the default automatic signature verification
provided by URLClassLoader and java.util.jar | |
References:
- M. Bishop .Computer Security: Art and Science. Addison-Wesley. Published on 2003.
