CAPEC Details
Name Create Malicious Client
Likelyhood of attack Typical severity
High Medium
Summary An adversary creates a client application to interface with a target service where the client violates assumptions the service makes about clients. Services that have designated client applications (as opposed to services that use general client applications, such as IMAP or POP mail servers which can interact with any IMAP or POP client) may assume that the client will follow specific procedures.
Prerequisites The targeted service must make assumptions about the behavior of the client application that interacts with it, which can be abused by an adversary.
Related Weaknesses
CWE ID Description
CWE-602 Client-Side Enforcement of Server-Side Security
Related CAPECS
CAPEC ID Description
CAPEC-22 An attack of this type exploits vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by communicating directly with the server where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.