2 of Spoofing
An attacker could squat on the random port or socket that the server normally uses.
Or the alternative text:
An attacker could take over the port or socket that the server normally uses.
| Threat | Also known as scheme squatting. An attacker could bind to port 80, the port used for the HyperText Transfer Protocol (HTTP), and respond to requests instead of your app/service. If an attacker responds to your service calls instead of the service, they can feed your consumer fake data. |
| CAPEC [1] | CAPEC-616 - Establish Rogue Location; CAPEC-505 - Scheme Squatting |
| ASVS [2] | N/A |
| CWE [3] | CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor |
| Mitigations | |
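
A startup check for the squatting scenario described in the Threat row, added here as an example and not part of the original card: the service claims its port exclusively and refuses to start if another listener already holds it. The names `claim_port`, `PortAlreadyClaimed` and `demo`, and the loopback scenario, are assumptions made for illustration.

```python
import errno
import socket


class PortAlreadyClaimed(RuntimeError):
    """Raised when another listener already holds the service's port."""


def claim_port(host, port, backlog=16):
    """Bind the service's listening socket, failing closed if the port is taken."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # On Windows, request exclusive ownership of the address; the option
    # does not exist on other platforms, hence the getattr lookup.
    exclusive = getattr(socket, "SO_EXCLUSIVEADDRUSE", None)
    if exclusive is not None:
        sock.setsockopt(socket.SOL_SOCKET, exclusive, 1)
    # SO_REUSEPORT is deliberately not set: with it, another socket that sets
    # the same option could bind this address as well.
    try:
        sock.bind((host, port))
        sock.listen(backlog)
    except OSError as exc:
        sock.close()
        if exc.errno == errno.EADDRINUSE:
            raise PortAlreadyClaimed(f"{host}:{port} is held by another listener") from exc
        raise
    return sock


def demo():
    """Constructed loopback scenario; returns (blocked, claimed_after_release)."""
    # Stand-in for whatever process reached the port first (constructed here).
    other = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    other.bind(("127.0.0.1", 0))  # port 0: the OS picks a free port
    other.listen(1)
    port = other.getsockname()[1]
    try:
        claim_port("127.0.0.1", port).close()
        blocked = False
    except PortAlreadyClaimed:
        blocked = True  # the service refuses to start and can raise an alert
    other.close()
    service = claim_port("127.0.0.1", port)  # the port is free again
    claimed = service.getsockname()[1] == port
    service.close()
    return blocked, claimed


if __name__ == "__main__":
    print(demo())
```

Failing closed matters here: a service that silently falls back to a different port leaves its well-known port to whoever holds it.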