An adversary manipulates either egress or ingress data from a client within an application framework in order to change the content of messages and thereby circumvent the expected application logic.

Related CWE definitions

The product does not encrypt sensitive or critical information before storage or transmission.
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
The product does not properly verify that the source of data or communication is valid.
The product does not properly protect an assumed-immutable element from being modified by an attacker.
The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.
Please note that CAPEC definitions are provided as a quick reference only. Visit for a complete list of CAPEC entries and more information.