TID-408: Unencrypted Sensitive Data Communication
Threat Description
Some devices do not adequately encrypt communications that include operational or management information. Without adequate encryption, a threat actor can eavesdrop on those communications to obtain device operational information, management information, or authentication information such as credentials or keys. Examples of widely used protocols that lack encryption include FTP, Telnet, HTTP, Modbus, and DNP3.
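One defender-side check that follows from this description, written here as an added example (it is not part of the TID-408 entry and is not code from any referenced vendor or project): a small Python auditor that, given reassembled client-to-device payloads, flags use of the cleartext protocols named above and the credentials or write operations they expose in the clear. The sample flows, addresses, and the port-to-protocol mapping are constructed assumptions for illustration; in practice the flows would come from a pcap parser and protocol identification would be confirmed from the payload rather than the port alone.

```python
"""Flag cleartext protocols and the sensitive data they expose in captured traffic.

Added example for the TID-408 description; not part of the original entry.
The flows below are constructed sample data, and identifying the protocol by
destination port is an assumption a real capture would confirm from payload.
"""
import base64
import re
from dataclasses import dataclass

# Well-known ports of the protocols the entry names as lacking encryption.
CLEARTEXT_PORTS = {21: "FTP", 23: "Telnet", 80: "HTTP", 502: "Modbus/TCP", 20000: "DNP3"}

# Modbus function codes that write to the device: seeing these in the clear
# exposes operational information (and the exact frames) to an eavesdropper.
MODBUS_WRITE_FUNCTIONS = {
    5: "Write Single Coil",
    6: "Write Single Register",
    15: "Write Multiple Coils",
    16: "Write Multiple Registers",
}

_FTP_PASS = re.compile(rb"^PASS \S+\r?$", re.MULTILINE)
_HTTP_BASIC = re.compile(rb"^Authorization: Basic ([A-Za-z0-9+/=]+)\r?$",
                         re.MULTILINE | re.IGNORECASE)


@dataclass(frozen=True)
class Flow:
    src: str        # client address
    dst: str        # device address
    dst_port: int   # server port on the device
    payload: bytes  # reassembled client-to-device bytes


@dataclass(frozen=True)
class Finding:
    flow: Flow
    protocol: str
    detail: str


def inspect_flow(flow: Flow) -> list[Finding]:
    """Return findings for one flow: the cleartext protocol itself plus any
    credentials or write operations visible in its payload."""
    protocol = CLEARTEXT_PORTS.get(flow.dst_port)
    if protocol is None:
        return []  # not one of the cleartext protocols being tracked
    findings = [Finding(flow, protocol, "unencrypted protocol")]

    if protocol == "FTP" and _FTP_PASS.search(flow.payload):
        findings.append(Finding(flow, protocol, "cleartext password in PASS command"))

    elif protocol == "HTTP":
        match = _HTTP_BASIC.search(flow.payload)
        if match:
            try:
                # Basic auth is only base64, so the username is recoverable
                # by anyone who observes the request.
                user = base64.b64decode(match.group(1), validate=True).split(b":", 1)[0]
                findings.append(Finding(flow, protocol,
                                        f"HTTP Basic credentials for user {user.decode(errors='replace')}"))
            except ValueError:  # binascii.Error is a ValueError subclass
                findings.append(Finding(flow, protocol, "malformed HTTP Basic header"))

    elif protocol == "Modbus/TCP" and len(flow.payload) >= 8 and flow.payload[2:4] == b"\x00\x00":
        # MBAP header: transaction id (2), protocol id (2, always 0), length (2),
        # unit id (1); the function code follows at offset 7.
        function_code = flow.payload[7]
        if function_code in MODBUS_WRITE_FUNCTIONS:
            findings.append(Finding(flow, protocol,
                                    f"cleartext write operation: {MODBUS_WRITE_FUNCTIONS[function_code]}"))
    return findings


def audit(flows: list[Flow]) -> list[Finding]:
    """Run inspect_flow over a capture and collect every finding."""
    return [f for flow in flows for f in inspect_flow(flow)]


# Constructed sample flows (not captured from any real device).
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "10.0.0.20", 21, b"USER operator\r\nPASS s3cret\r\n"),
    Flow("10.0.0.5", "10.0.0.20", 80,
         b"GET /status HTTP/1.1\r\nHost: plc.example\r\nAuthorization: Basic "
         + base64.b64encode(b"admin:hunter2") + b"\r\n\r\n"),
    # Modbus/TCP: transaction 1, protocol 0, length 6, unit 1, function 6
    # (Write Single Register), register 0x0010, value 0x002A.
    Flow("10.0.0.5", "10.0.0.20", 502, b"\x00\x01\x00\x00\x00\x06\x01\x06\x00\x10\x00\x2a"),
    # Port 443 is not in the cleartext set, so this flow produces no finding.
    Flow("10.0.0.5", "10.0.0.20", 443, b"\x16\x03\x01\x00\x05hello"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(f"{finding.flow.src} -> {finding.flow.dst}:{finding.flow.dst_port} "
              f"[{finding.protocol}] {finding.detail}")
```

Each cleartext flow yields a baseline "unencrypted protocol" finding even when no credential is spotted, because the Modbus and DNP3 cases show that operational data is sensitive on its own; the credential and write-operation findings only add specificity on top of that.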
Threat Maturity and Evidence
Observed Adversarial Technique
ATT&CK T0842 Network Sniffing
“Network sniffing is the practice of using a network interface on a computer system to monitor or capture information regardless of whether it is the specified destination for the information.”
ATT&CK T0887 Wireless Sniffing
“Adversaries may seek to capture radio frequency (RF) communication used for remote control and reporting in distributed environments.”
CWE
- CWE-319: Cleartext Transmission of Sensitive Information
“The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.”
CVE
Sierra Wireless AirLink Raven X EV-DO Vulnerabilities – CVE-2013-2819
“The AirLink Raven X EV-DO does not use encryption in the update and reprogramming process. By using the passwords and user names that are stored in plain text, an attacker could reprogram the firmware.”
OT-ICEFALL - CVE-2022-29954
“The BSAP/IP protocol transmits passwords in plaintext.”
OT-ICEFALL - CVE-2022-30261
“The ROC protocol transmits passwords in plaintext.”
OT-ICEFALL - CVE-2022-30266
“The SRTP protocol transmits passwords in plaintext.”
OT-ICEFALL - CVE-2022-30312
“The Inter-controller (IC) protocol transmits PINs, usernames and passwords in plaintext.”
OT-ICEFALL - CVE-2022-31204
“The password used to restrict engineering operations is transmitted in plaintext.”
OT-ICEFALL - CVE-2022-29519
“The ResConf protocol transmits usernames, passwords and session tokens in plaintext.”