| Name |
Force the System to Reset Values |
|
| Likelyhood of attack |
Typical severity |
| High |
Medium |
|
| Summary |
An attacker forces the target into a previous state in order to leverage potential weaknesses in the target dependent upon a prior configuration or state-dependent factors. Even in cases where an attacker may not be able to directly control the configuration of the targeted application, they may be able to reset the configuration to a prior state since many applications implement reset functions. |
| Prerequisites |
The targeted application must have a reset function that returns the configuration of the application to an earlier state. The reset functionality must be inadequately protected against use. |
| Solutions | |
| Related Weaknesses |
|
CWE ID
|
Description
|
| CWE-306 |
Missing Authentication for Critical Function |
| CWE-1221 |
Incorrect Register Defaults or Module Parameters |
| CWE-1232 |
Improper Lock Behavior After Power State Transition |
|
| Related CAPECS |
|
CAPEC ID
|
Description
|
| CAPEC-161 |
An attacker exploits characteristics of the infrastructure of a network entity in order to perpetrate attacks or information gathering on network objects or effect a change in the ordinary information flow between network objects. Most often, this involves manipulation of the routing of network messages so, instead of arriving at their proper destination, they are directed towards an entity of the attackers' choosing, usually a server controlled by the attacker. The victim is often unaware that their messages are not being processed correctly. For example, a targeted client may believe they are connecting to their own bank but, in fact, be connecting to a Pharming site controlled by the attacker which then collects the user's login information in order to hijack the actual bank account. |
|