WB-S-4 — Attacker runs a rogue AuthZEN endpoint and redirects wallet backend
Component: Wallet Backend. Mitigations: go-trust URL is operator-configured; not user-controlled. Action: Validate go-trust URL in deployment checklist
| Property | Value |
|---|---|
| Section | Spoofing |
| Owner | operator |
Mapped Controls
| Control | Title |
|---|---|
| SID-TRANS-01 | TLS 1.2+ Minimum with Configurable Version |
Source: STRIDE analysis (April 2026), architecture/stride-threat-model.md