- What is CAPEC-39?
- In circumstances where an application holds important data client-side in tokens (cookies, URLs, data files, and so forth) that data can be manipulated. If client or server-side application components reinterpret that data as authentication tokens or data (such as store item pricing or wallet information) then even opaquely manipulating that data may bear fruit for an Attacker. In this pattern an attacker undermines the assumption that client side tokens have been adequately protected from tampering through use of encryption or obfuscation.
- How does a Manipulating Opaque Client-based Data Tokens attack work?
- It typically unfolds over 4 phases. It begins with: [Enumerate information passed to client side] The attacker identifies the parameters used as part of tokens to take business or security decisions
- How do you prevent CAPEC-39?
- One solution to this problem is to protect encrypted data with a CRC of some sort. If knowing who last manipulated the data is important, then using a cryptographic "message authentication code" (or hMAC) is prescribed. However, this guidance is not a panacea. In particular, any value created by (and therefore encrypted by) the client, which itself is a "malicious" value, all the protective cryptography in the world can't make the value 'correct' again. Put simply, if the client has control over the whole process of generating and encoding the value, then simply protecting its integrity doesn't help.
- What weaknesses does CAPEC-39 target?
- CAPEC-39 exploits 9 CWE weaknesses, including CWE-233 (Improper Handling of Parameters), CWE-285 (Improper Authorization), CWE-302 (Authentication Bypass by Assumed-Immutable Data), CWE-315 (Cleartext Storage of Sensitive Information in a Cookie).
- How severe is CAPEC-39?
- MITRE rates CAPEC-39 as Medium severity with high likelihood of attack.