| Name |
Read Sensitive Constants Within an Executable |
|
| Likelyhood of attack |
Typical severity |
| High |
Low |
|
| Summary |
An adversary engages in activities to discover any sensitive constants present within the compiled code of an executable. These constants may include literal ASCII strings within the file itself, or possibly strings hard-coded into particular routines that can be revealed by code refactoring methods including static and dynamic analysis. |
| Prerequisites |
Access to a binary or executable such that it can be analyzed by various utilities. |
| Solutions | |
| Related Weaknesses |
|
CWE ID
|
Description
|
| CWE-798 |
Use of Hard-coded Credentials |
|
| Related CAPECS |
|
CAPEC ID
|
Description
|
| CAPEC-167 |
An attacker discovers the structure, function, and composition of a type of computer software through white box analysis techniques. White box techniques involve methods which can be applied to a piece of software when an executable or some other compiled object can be directly subjected to analysis, revealing at least a portion of its machine instructions that can be observed upon execution. |
|
| Taxonomy: ATTACK |
|
Entry ID
|
Entry Name
|
| 1552.001 |
Unsecured Credentials:Credentials in files |
|