Removing Important Functionality from the Client
Attack Pattern ID: 207 (Standard Attack Pattern Completeness: Stub)Typical Severity: MediumStatus: Draft
+ Description

Summary

An attacker removes or disables functionality on the client that the server assumes to be present and trustworthy. Client applications may include functionality that a server relies on for correct and secure operation. This functionality can include, but is not limited to, filters to prevent the sending of dangerous content to the server, logical functionality such as price calculations, and authentication logic to ensure that only authorized users are utilizing the client. If an attacker can disable this functionality on the client, they can perform actions that the server believes are prohibited. This can result in client behavior that violates assumptions by the server leading to a variety of possible attacks. In the above examples, this could include the sending of dangerous content (such as scripts) to the server, incorrect price calculations, or unauthorized access to server resources.

+ Attack Prerequisites

The targeted server must assume the client performs important actions to protect the server or the server functionality. For example, the server may assume the client filters outbound traffic or that the client performs all price calculations correctly. Moreover, the server must fail to detect when these assumptions are violated by a client.

+ Resources Required

The attacker must have access to a client and be able to modify the client behavior, often through reverse engineering. If the server is assuming specific client functionality, this usually means the server only recognizes a specific client application, rather than a broad class of client applications. Reverse engineering tools would likely be necessary.

+ Related Weaknesses
CWE-IDWeakness NameWeakness Relationship Type
602Client-Side Enforcement of Server-Side SecurityTargeted
+ Related Vulnerabilities
Vulnerability IDRelationship Description
CVE-2009-0247

The server for 53KF Web IM 2009 Home, Professional, and Enterprise editions relies on client-side protection mechanisms against cross-site scripting (XSS), which allows remote attackers to conduct XSS attacks by using a modified client to send a crafted IM message, related to the msg variable.

+ Related Attack Patterns
NatureTypeIDNameDescriptionView(s) this relationship pertains toView\(s\)
ChildOfAttack PatternAttack Pattern22Exploiting Trust in Client (aka Make the Client Invisible) 
Mechanism of Attack (primary)1000
ParentOfAttack PatternAttack Pattern56Removing/short-circuiting 'guard logic' 
Mechanism of Attack (primary)1000
Back to top