Name Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Patching
Summary Attackers can capture application code bound for an authorized client during patching and can use it, as-is or through reverse-engineering, to glean sensitive information or exploit the trust relationship between the client and server.
Prerequisites The attacker must be able to employ a sniffer in the path between the server and client without being detected. The targeted application must receive some patches from the server.
Solutions Design: Encrypt all communication between the client and server. Implementation: Use SSL, SSH, or SCP. Operation: Use "ifconfig/ipconfig" or other tools to detect a sniffer installed on the network.
Related Weaknesses
CWE ID Description
CWE-311 Missing Encryption of Sensitive Data
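
For the Operation step under Solutions, a sketch of a local check for interfaces in promiscuous mode. This is an added example, not part of the original entry. The function names and the sample text are constructed for illustration, and the check assumes a Linux host with `ifconfig`-style output or `/sys/class/net`.

```shell
#!/bin/sh
# Added example: flag local interfaces that are in promiscuous mode.
IFF_PROMISC=256   # 0x100, the promiscuous bit in the Linux interface flags word

# Constructed sample of `ifconfig` output (not captured from a real host).
SAMPLE_IFCONFIG='eth0: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1500
        inet 192.0.2.10  netmask 255.255.255.0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0'

# is_promisc FLAGS: succeeds when the flags word (hex or decimal) has IFF_PROMISC set.
is_promisc() {
    [ $(( $1 & $IFF_PROMISC )) -ne 0 ]
}

# promisc_from_ifconfig: reads ifconfig-style text on stdin and prints each
# interface whose stanza lists PROMISC. Handles the "eth0: flags=..." layout
# and the older layout where the flags sit on an indented line.
promisc_from_ifconfig() {
    awk '/^[^ \t]/ { sub(/:$/, "", $1); name = $1 }
         /PROMISC/ { if (!(name in seen)) { seen[name] = 1; print name } }'
}

# scan_sysfs [DIR]: reads the kernel's flags word for every interface under
# DIR (default /sys/class/net) and prints the promiscuous ones.
scan_sysfs() {
    dir=${1:-/sys/class/net}
    for f in "$dir"/*/flags; do
        [ -r "$f" ] || continue
        if is_promisc "$(cat "$f")"; then
            basename "$(dirname "$f")"
        fi
    done
}

# Typical use on a host:
#   ifconfig -a | promisc_from_ifconfig
#   scan_sysfs
```

This only inspects the host it runs on. A passive sniffer on another machine in the path is not visible this way, which is why the entry lists encryption as the design-level control.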
