CAPEC-216 - Abuse of Communication Channels

An attacker may take advantage of a setting in communications protocols where security settings or other choices involving the various parameters can be influenced or manipulated to cause compromise to the communications. This can be disclosure of information, insertion or removal of information from the communications stream, and even include remote system compromise.

Severity

Likelihood

Confidentiality

Integrity

Availability

Access to the client/server stream.

The attacker needs the ability to sniff traffic, and optionally be able to route said traffic to a system where the sniffing of traffic can take place, and act upon the recovered traffic in real time.