CAPEC-510 Detail
SaaS User Request Forgery
Abstraction: Standard
Domain: Software
Likelihood: High
Typical Severity: Medium
Parents: 21
Threats: T292 T293
An adversary, through a previously installed malicious application, performs malicious actions against a third-party Software as a Service (SaaS) application (also known as a cloud-based application) by leveraging the persistent and implicit trust placed in a trusted user's session. The attack is executed after a trusted user has authenticated to the cloud service: the malicious application "piggy-backs" on the authenticated session and exploits the fact that the cloud service believes it is interacting only with the trusted user. If successful, the actions embedded in the malicious application are processed and accepted by the targeted SaaS application and executed at the trusted user's privilege level.
| External ID | Source | Link | Description |
|---|---|---|---|
| CAPEC-510 | capec | https://capec.mitre.org/data/definitions/510.html | |
| CWE-346 | cwe | http://cwe.mitre.org/data/definitions/346.html | |
| REF-438 | reference_from_CAPEC | http://www.adallom.com/blog/a-new-zeus-variant-targeting-salesforce-com-accounts-research-and-analysis/ | Ami Luttwak, A new Zeus variant targeting Salesforce.com – Research and Analysis, Adallom, Inc. |
Prerequisites:
- An adversary must be able to install a purpose-built malicious application onto the trusted user's system and convince the user to execute it while authenticated to the SaaS application.
Skills Required:

| Level | Description |
|---|---|
| Medium | This attack pattern often requires the technical ability to modify a malicious software package (e.g. Zeus) to spider a targeted site, and a way to trick a user into downloading the malicious software. |