Protocol Injection

medium

protocol-injection

Attacker injects malicious data into the communication channel between services

TamperingElevation of Privilege

MITRE ATT&CK techniques

ID	Name	Tactic
T1557	Adversary-in-the-Middle	Credential Access

Common Weakness Enumeration

CWE-74

Mitigating controls

ctrl-proto-1: Validate and sanitize all incoming data
ctrl-proto-2: Use message authentication codes (MACs)
ctrl-proto-3: Implement strict protocol parsing
ctrl-proto-4: Use encrypted and authenticated protocols

References

https://cheatsheetseries.owasp.org/cheatsheets/Injection_Prevention_Cheat_Sheet.html