
DE01 Data Flow Sniffing vs DE02 Weak Credential Transit

Open colesmj opened this issue 5 years ago • 4 comments

DE02 is a more specific variant of DE01. Two questions come to mind:

  1. Is it necessary?
  2. Would a threat-relationship descriptor be useful, e.g. threat A follows from threat B (similar to CWE's model of relationships)?

colesmj avatar Oct 21 '18 15:10 colesmj

Also AA02 seems to cover DE02 (duplicate threat?)

colesmj avatar Oct 21 '18 15:10 colesmj

Looks like this issue is not valid anymore, DE02 has been repurposed into a different threat.

nineinchnick avatar Oct 04 '20 11:10 nineinchnick

DE03 is now sniffing, and so DE01 and DE03 now might be duplicates.

colesmj avatar Jun 25 '23 14:06 colesmj

Since DE01 and DE03 are CAPEC-117: Interception and CAPEC-157: Sniffing Attacks, and 117 is a parent of 157, it is no wonder that both sound similar.

What is strange is that the conditions of the two are very different.

DE01:

https://github.com/izar/pytm/blob/c4a81a451cb4e974098beec4ddc9abef79fd6376/pytm/threatlib/threats.json#L196

DE03:

https://github.com/izar/pytm/blob/c4a81a451cb4e974098beec4ddc9abef79fd6376/pytm/threatlib/threats.json#L527

As for the question of whether it makes sense to separate the two: yes, as long as they have different conditions. But I agree that they are very similar and it is not helpful to have two alerts for one problem.

raphaelahrens avatar Mar 14 '24 15:03 raphaelahrens
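To make the threat-relationship idea from the first comment concrete (threat A follows from threat B, with CAPEC-117 as the parent of CAPEC-157), here is an added example that is not pytm's own code and not part of this thread. The threat entries, their `capec` field, the `CAPEC_PARENT` map and the two `condition` expressions are all constructed stand-ins; the real DE01/DE03 conditions in threats.json are different and the library carries no relationship field. The evaluator treats each condition as a Python expression over `target`, and `collapse` suppresses a finding whose CAPEC is the parent of another finding's CAPEC, so one problem yields one alert:

```python
"""Constructed example: de-duplicate overlapping threat findings via a
parent/child relationship descriptor. Not pytm's code; all data is made up."""
import json

# Constructed threat library. The conditions are simplified stand-ins,
# not the real DE01/DE03 conditions from pytm's threats.json.
THREATS_JSON = """
[
  {"SID": "DE01", "description": "Interception", "capec": "CAPEC-117",
   "condition": "target.protocol != 'HTTPS'"},
  {"SID": "DE03", "description": "Sniffing Attacks", "capec": "CAPEC-157",
   "condition": "target.protocol != 'HTTPS' and not target.isEncrypted"}
]
"""

# Constructed relationship descriptor: child CAPEC -> parent CAPEC.
# This is the "threat A follows from threat B" link the thread asks about.
CAPEC_PARENT = {"CAPEC-157": "CAPEC-117"}


class Dataflow:
    """Minimal stand-in for a dataflow element; only the attributes the
    constructed conditions read are present."""

    def __init__(self, name, protocol, isEncrypted):
        self.name = name
        self.protocol = protocol
        self.isEncrypted = isEncrypted


def load_threats(text=THREATS_JSON):
    """Parse the (constructed) threat library."""
    return json.loads(text)


def evaluate(threats, target):
    """Return every threat whose condition holds for `target`.

    Each condition is a Python expression over `target`; builtins are removed
    from the evaluation namespace so a threat file cannot reach into the
    interpreter beyond the attributes of the element being checked."""
    hits = []
    for t in threats:
        if eval(t["condition"], {"__builtins__": {}}, {"target": target}):
            hits.append(t)
    return hits


def collapse(hits):
    """Drop a hit whose CAPEC is the parent of another hit's CAPEC.

    The more specific (child) finding is kept, since it carries the more
    actionable description; the generic parent would only repeat it."""
    fired = {t["capec"] for t in hits}
    return [
        t for t in hits
        if not any(CAPEC_PARENT.get(c) == t["capec"] for c in fired)
    ]


def findings(target, threats=None):
    """SIDs reported for `target` after parent/child de-duplication."""
    threats = load_threats() if threats is None else threats
    return [t["SID"] for t in collapse(evaluate(threats, target))]


if __name__ == "__main__":
    samples = [
        Dataflow("plain-http", "HTTP", isEncrypted=False),   # both fire -> DE03 only
        Dataflow("app-layer-crypto", "HTTP", isEncrypted=True),  # only DE01
        Dataflow("tls", "HTTPS", isEncrypted=True),           # nothing
    ]
    for df in samples:
        print(df.name, findings(df))
```

With the plain HTTP flow both conditions hold, so the raw evaluation yields DE01 and DE03, and `collapse` reports only DE03; when the payload is encrypted at the application layer only DE01 fires and nothing is suppressed. Whether to keep the parent or the child is a reporting choice; the relationship map is what makes either rule possible without editing the conditions themselves.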