| Name |
Probe System Files |
|
| Likelyhood of attack |
Typical severity |
| Low |
Medium |
|
| Summary |
An adversary obtains unauthorized information due to improperly protected files. If an application stores sensitive information in a file that is not protected by proper access control, then an adversary can access the file and search for sensitive information. |
| Prerequisites |
An adversary has access to the file system of a system. |
| Solutions | Verify that files have proper access controls set, and reduce the storage of sensitive information to only what is necessary. |
| Related Weaknesses |
|
CWE ID
|
Description
|
| CWE-552 |
Files or Directories Accessible to External Parties |
|
| Related CAPECS |
|
CAPEC ID
|
Description
|
| CAPEC-545 |
An adversary who is authorized or has the ability to search known system resources, does so with the intention of gathering useful information. System resources include files, memory, and other aspects of the target system. In this pattern of attack, the adversary does not necessarily know what they are going to find when they start pulling data. This is different than CAPEC-150 where the adversary knows what they are looking for due to the common location. |
|
| Taxonomy: ATTACK |
|
Entry ID
|
Entry Name
|
| 1039 |
Data from Network Shared Drive |
| 1552.001 |
Unsecured Credentials: Credentials in Files |
| 1552.003 |
Unsecured Credentials: Bash History |
| 1552.004 |
Unsecured Credentials: Private Keys |
| 1552.006 |
Unsecured Credentials: Group Policy Preferences |
|