How do you prevent CAPEC-22?

Design: Ensure that client process and/or message is authenticated so that anonymous communications and/or messages are not accepted by the system.

What weaknesses does CAPEC-22 target?

CAPEC-22 exploits 5 CWE weaknesses, including CWE-20 (Improper Input Validation), CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor), CWE-287 (Improper Authentication), CWE-290 (Authentication Bypass by Spoofing).

How severe is CAPEC-22?

MITRE rates CAPEC-22 as High severity with high likelihood of attack.

Meta attack pattern

Draft

CAPEC-22: Exploiting Trust in Client

An attack of this type exploits vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by communicating directly with the server where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.

Last updated June 1, 2026

High

Typical severity

Per MITRE

High

Likelihood of attack

Per MITRE

Related weaknesses

CWEs this targets

Overview

CAPEC-22 (Exploiting Trust in Client) is a meta-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.

What the attacker needs

Prerequisites

Server software must rely on client side formatted and validated values, and not reinforce these checks on the server side.

Skills required

Medium skill: The attacker must have fairly detailed knowledge of the syntax and semantics of client/server communications protocols and grammars

Resources required

Ability to communicate synchronously or asynchronously with server

Consequences

What a successful CAPEC-22 attack can achieve.

Execute Unauthorized Commands

Affects: Confidentiality, Integrity, Availability

Run Arbitrary Code

Gain Privileges

Affects: Confidentiality, Access Control, Authorization

Read Data

Affects: Confidentiality

How to mitigate it

Defenses that reduce the risk of CAPEC-22.

Examples

Web applications may use JavaScript to perform client side validation, request encoding/formatting, and other security functions, which provides some usability benefits and eliminates some client-server round-tripping. However, the web server cannot assume that the requests it receives have been subject to those validations, because an attacker can use an alternate method for crafting the HTTP Request and submit data that contains poisoned values designed to spoof a user and/or get the web server to disclose information.

Web 2.0 style applications may be particularly vulnerable because they in large part rely on existing infrastructure which provides scalability without the ability to govern the clients. Attackers identify vulnerabilities that either assume the client side is responsible for some security services (without the requisite ability to ensure enforcement of these checks) and/or the lack of a hardened, default deny server configuration that allows for an attacker probing for weaknesses in unexpected ways. Client side validation, request formatting and other services may be performed, but these are strictly usability enhancements not security enhancements.

Many web applications use client side scripting like JavaScript to enforce authentication, authorization, session state and other variables, but at the end of day they all make requests to the server. These client side checks may provide usability and performance gains, but they lack integrity in terms of the http request. It is possible for an attacker to post variables directly to the server without using any of the client script security checks and customize the patterns to impersonate other users or probe for more information.

Many message oriented middleware systems like MQ Series are rely on information that is passed along with the message request for making authorization decisions, for example what group or role the request should be passed. However, if the message server does not or cannot authenticate the authorization information in the request then the server's policy decisions about authorization are trivial to subvert because the client process can simply elevate privilege by passing in elevated group or role information which the message server accepts and acts on.

CAPEC-22: Exploiting Trust in Client

Overview

What the attacker needs

Prerequisites

Skills required

Resources required

Consequences

How to mitigate it

Examples

Frequently asked questions

What is CAPEC-22?

How do you prevent CAPEC-22?

What weaknesses does CAPEC-22 target?

How severe is CAPEC-22?

References

Defend against CAPEC-22

Overview

What the attacker needs

Prerequisites

Skills required

Resources required

Consequences

How to mitigate it

Examples

Related weaknesses

Related attack patterns

Child

Frequently asked questions

What is CAPEC-22?

How do you prevent CAPEC-22?

What weaknesses does CAPEC-22 target?

How severe is CAPEC-22?

References

Defend against CAPEC-22