| Name |
Manipulating Writeable Configuration Files |
|
| Likelyhood of attack |
Typical severity |
| High |
Very High |
|
| Summary |
Generally these are manually edited files that are not in the preview of the system administrators, any ability on the attackers' behalf to modify these files, for example in a CVS repository, gives unauthorized access directly to the application, the same as authorized users. |
| Prerequisites |
Configuration files must be modifiable by the attacker |
| Solutions | Design: Enforce principle of least privilege Design: Backup copies of all configuration files Implementation: Integrity monitoring for configuration files Implementation: Enforce audit logging on code and configuration promotion procedures. Implementation: Load configuration from separate process and memory space, for example a separate physical device like a CD |
| Related Weaknesses |
|
CWE ID
|
Description
|
| CWE-77 |
Improper Neutralization of Special Elements used in a Command ('Command Injection') |
| CWE-99 |
Improper Control of Resource Identifiers ('Resource Injection') |
| CWE-346 |
Origin Validation Error |
| CWE-349 |
Acceptance of Extraneous Untrusted Data With Trusted Data |
| CWE-353 |
Missing Support for Integrity Check |
| CWE-354 |
Improper Validation of Integrity Check Value |
|
| Related CAPECS |
|
CAPEC ID
|
Description
|
| CAPEC-176 |
An attacker manipulates files or settings external to a target application which affect the behavior of that application. For example, many applications use external configuration files and libraries - modification of these entities or otherwise affecting the application's ability to use them would constitute a configuration/environment manipulation attack. |
|