CAPEC 466 Leveraging Active Adversary in the Middle Attacks to Bypass Same Origin Policy

Draft Standard Unknown Risk
Severity Medium

Description

An attacker leverages an adversary-in-the-middle attack (CAPEC-94) to bypass the same-origin policy protection in the victim's browser. This active adversary-in-the-middle attack could be launched, for instance, when the victim is connected to a public Wi-Fi hotspot. The attacker is able to intercept requests and responses between the victim's browser and some non-sensitive website that does not use TLS.

Mitigations

Consequences

Relationships