pytm
DE01 Data Flow Sniffing vs DE02 Weak Credential Transit
DE02 is a more specific variant of DE01. Two questions come to mind:
- Is it necessary?
- Would a threat-relationship descriptor be useful, e.g. threat A follows from threat B (similar to CWE's model of relationships)?
Also AA02 seems to cover DE02 (duplicate threat?)
Looks like this issue is not valid anymore; DE02 has been repurposed into a different threat.
DE03 is now sniffing, and so DE01 and DE03 now might be duplicates.
Since DE01 and DE03 are CAPEC-117: Interception and CAPEC-157: Sniffing Attacks, and 117 is a parent of 157, it is no wonder that both sound similar.
What is strange is that the conditions of the two are very different:
DE01:
https://github.com/izar/pytm/blob/c4a81a451cb4e974098beec4ddc9abef79fd6376/pytm/threatlib/threats.json#L196
DE03:
https://github.com/izar/pytm/blob/c4a81a451cb4e974098beec4ddc9abef79fd6376/pytm/threatlib/threats.json#L527
The answer to the question of whether it makes sense to separate the two is yes, as long as they have different conditions. But I agree that they are very similar, and it is not helpful to have two alerts for one problem.
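As an added example (not pytm's own code) of why two threats with different but overlapping conditions both fire on one dataflow, here is a small Python model of pytm-style threat matching plus a check for threats whose condition is subsumed by another's. The Dataflow attributes and the three condition strings are constructed assumptions for this illustration, not the real DE01/DE03 entries from threats.json.

```python
# Added example, not pytm's own code. Models how a pytm-style threat library
# is matched against a dataflow and reports which threats subsume one another.
from dataclasses import dataclass
from itertools import product


@dataclass
class Dataflow:
    name: str
    protocol: str = "HTTP"
    isEncrypted: bool = False
    authenticatesDestination: bool = False


# Constructed entries in the shape of pytm's threats.json (SID, target,
# condition, references). The condition strings are assumptions for this
# example, NOT the real DE01/DE03 conditions from the repository.
THREATS = [
    {"SID": "DE01", "target": "Dataflow", "references": "CAPEC-117",
     "condition": "target.protocol != 'HTTPS' and not target.isEncrypted"},
    {"SID": "DE03", "target": "Dataflow", "references": "CAPEC-157",
     "condition": "not target.isEncrypted"},
    {"SID": "XX99", "target": "Dataflow", "references": "constructed",
     "condition": "not target.authenticatesDestination"},
]


def matching_threats(target, threats=THREATS):
    """SIDs whose condition holds for target. Like pytm, the condition is a
    Python expression evaluated with eval(), so the library is trusted input."""
    return [t["SID"] for t in threats
            if type(target).__name__ == t["target"]
            and eval(t["condition"], {"__builtins__": {}}, {"target": target})]


def sample_dataflows():
    """Every combination of the modelled attributes, to probe the conditions."""
    combos = product(["HTTP", "HTTPS"], [False, True], [False, True])
    return [Dataflow(f"df{i}", p, e, a) for i, (p, e, a) in enumerate(combos)]


def subsumed_pairs(threats=THREATS, samples=None):
    """(narrow, broad) pairs: whenever `narrow` fires, `broad` fires too, so
    the pair yields two alerts for one finding. Threats that never fire on the
    samples are skipped rather than reported as vacuously subsumed."""
    samples = samples or sample_dataflows()
    hits = {s.name: set(matching_threats(s, threats)) for s in samples}
    fired = {t["SID"]: {n for n, h in hits.items() if t["SID"] in h} for t in threats}
    return sorted((a, b) for a in fired for b in fired
                  if a != b and fired[a] and fired[a] <= fired[b])
```

Running `subsumed_pairs()` over the sample flows reports `[('DE01', 'DE03')]`: with these constructed conditions DE01 never fires without DE03, which is exactly the double-alert situation the thread describes.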