|Name ||Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Initial Distribution |
|Summary ||Attackers can capture new application installation code bound for an authorized client during initial distribution and can use it, as-is or through reverse-engineering, to glean sensitive information or exploit the trust relationship between the client and server. |
|Prerequisites ||The attacker must be able to employ a sniffer in the path between the server and client without being detected. The targeted operating system or application must be configured to allow for end users to request new components and applications from the server. |
|Solutions ||Design: Encrypt all communication between the client and server.
Implementation: Use SSL, SSH, SCP.
Operation: Use "ifconfig/ipconfig" or other tools to detect the sniffer installed in the network. |
|CWE ID ||Description |
|CWE-311 ||Missing Encryption of Sensitive Data |