An attacker tries to deduce the identity, type, software version, or vendor of the Serveror Clientin order to apply knowledge about specific vulnerabilities of that product to mount a more intrusive or damaging attack. The attacker might profile the target by sending valid or invalid formatted Messages to the target and try to recognize the type of target by the pattern of its normal and error responses.

Serverprofiling impacts all of the security objectives indirectly.

See 5.1.8for the reconciliation of this threat.