Standard attack pattern

Draft

CAPEC-12: Choosing Message Identifier

This pattern of attack is defined by the selection of messages distributed via multicast or public information channels that are intended for another client by determining the parameter value assigned to that client. This attack allows the adversary to gain access to potentially privileged information, and to possibly perpetrate other attacks through the distribution means by impersonation. If the channel/message being manipulated is an input rather than output mechanism for the system, (such as a command bus), this style of attack could be used to change the adversary's identifier to more a privileged one.

Last updated June 1, 2026

High

Typical severity

Per MITRE

High

Likelihood of attack

Per MITRE

2

Related weaknesses

CWEs this targets

Standard

Abstraction

MITRE classification

Overview

CAPEC-12 (Choosing Message Identifier) is a standard-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.

How the attack works

The phases an attacker typically follows to carry out this attack.

Step 1
Explore
[Determine Nature of Messages] Determine the nature of messages being transported as well as the identifiers to be used as part of the attack
Step 2
Experiment
[Authenticate] If required, authenticate to the distribution channel
Step 3
Experiment
[Identify Known Client Identifiers] If any particular client's information is available through a control channel available to all users, the adversary will discover particular identifiers for targeted clients by observing this channel, or requesting client information through this channel.
Step 4
Experiment
[Change Message Identifier] Adversaries with client access connecting to output channels could change their channel identifier and see someone else's (perhaps more privileged) data.

What the attacker needs

Prerequisites

Information and client-sensitive (and client-specific) data must be present through a distribution channel available to all users.
Distribution means must code (through channel, message identifiers, or convention) message destination in a manner visible within the distribution means itself (such as a control channel) or in the messages themselves.

Skills required

Low skill: All the adversary needs to discover is the format of the messages on the channel/distribution means and the particular identifier used within the messages.

Resources required

The adversary needs the ability to control source code or application configuration responsible for selecting which message/channel id is absorbed from the public distribution means.

Consequences

What a successful CAPEC-12 attack can achieve.

Read Data

Affects: Confidentiality

Gain Privileges

Affects: Confidentiality, Access Control, Authorization

How to mitigate it

Defenses that reduce the risk of CAPEC-12.

Associate some ACL (in the form of a token) with an authenticated user which they provide middleware. The middleware uses this token as part of its channel/message selection for that client, or part of a discerning authorization decision for privileged channels/messages. The purpose is to architect the system in a way that associates proper authentication/authorization with each channel/message.
Re-architect system input/output channels as appropriate to distribute self-protecting data. That is, encrypt (or otherwise protect) channels/messages so that only authorized readers can see them.

Examples

A certain B2B interface on a large application codes for messages passed over an MQSeries queue, on a single "Partners" channel. Messages on that channel code for their client destination based on a partner_ID field, held by each message. That field is a simple integer. Adversaries having access to that channel, perhaps a particularly nosey partner, can simply choose to store messages of another partner's ID and read them as they desire. Note that authentication does not prevent a partner from leveraging this attack on other partners. It simply disallows adversaries without partner status from conducting this attack.

Frequently asked questions

Common questions about CAPEC-12.

What is CAPEC-12?

This pattern of attack is defined by the selection of messages distributed via multicast or public information channels that are intended for another client by determining the parameter value assigned to that client. This attack allows the adversary to gain access to potentially privileged information, and to possibly perpetrate other attacks through the distribution means by impersonation. If the channel/message being manipulated is an input rather than output mechanism for the system, (such as a command bus), this style of attack could be used to change the adversary's identifier to more a privileged one.

How does a Choosing Message Identifier attack work?

It typically unfolds over 4 phases. It begins with: [Determine Nature of Messages] Determine the nature of messages being transported as well as the identifiers to be used as part of the attack

How do you prevent CAPEC-12?

Associate some ACL (in the form of a token) with an authenticated user which they provide middleware. The middleware uses this token as part of its channel/message selection for that client, or part of a discerning authorization decision for privileged channels/messages. The purpose is to architect the system in a way that associates proper authentication/authorization with each channel/message.

What weaknesses does CAPEC-12 target?

CAPEC-12 exploits 2 CWE weaknesses, including CWE-201 (Insertion of Sensitive Information Into Sent Data), CWE-306 (Missing Authentication for Critical Function).

How severe is CAPEC-12?

MITRE rates CAPEC-12 as High severity with high likelihood of attack.

References

Attack-pattern data is sourced from the MITRE CAPEC catalog (v3.9). Weakness associations link to the corresponding CWE entries on RadicalNotion.AI.

Defend against CAPEC-12

Track the CVEs and weaknesses attackers exploit with this technique, with AI-written analysis and remediation guidance.

Start free See pricing

Overview

Overview

How the attack works

What the attacker needs

Prerequisites

Skills required

Resources required

Consequences

How to mitigate it

Examples

Related weaknesses

Related attack patterns

Parent

Peer

Frequently asked questions

What is CAPEC-12?

How does a Choosing Message Identifier attack work?

How do you prevent CAPEC-12?

What weaknesses does CAPEC-12 target?

How severe is CAPEC-12?

References

Defend against CAPEC-12