| Name |
Collect Data from Common Resource Locations |
|
| Likelyhood of attack |
Typical severity |
| High |
Medium |
|
| Summary |
An adversary exploits well-known locations for resources for the purposes of undermining the security of the target. In many, if not most systems, files and resources are organized in a default tree structure. This can be useful for adversaries because they often know where to look for resources or files that are necessary for attacks. Even when the precise location of a targeted resource may not be known, naming conventions may indicate a small area of the target machine's file tree where the resources are typically located. For example, configuration files are normally stored in the /etc director on Unix systems. Adversaries can take advantage of this to commit other types of attacks. |
| Prerequisites |
The targeted applications must either expect files to be located at a specific location or, if the location of the files can be configured by the user, the user either failed to move the files from the default location or placed them in a conventional location for files of the given type. |
| Solutions | |
| Related Weaknesses |
|
CWE ID
|
Description
|
| CWE-552 |
Files or Directories Accessible to External Parties |
| CWE-1239 |
Improper Zeroization of Hardware Register |
| CWE-1258 |
Exposure of Sensitive System Information Due to Uncleared Debug Information |
| CWE-1266 |
Improper Scrubbing of Sensitive Data from Decommissioned Device |
| CWE-1272 |
Sensitive Information Uncleared Before Debug/Power State Transition |
| CWE-1323 |
Improper Management of Sensitive Trace Data |
| CWE-1324 |
Sensitive Information Accessible by Physical Probing of JTAG Interface |
| CWE-1330 |
Remanent Data Readable after Memory Erase |
|
| Related CAPECS |
|
CAPEC ID
|
Description
|
| CAPEC-116 |
An adversary actively probes the target in a manner that is designed to solicit information that could be leveraged for malicious purposes. This is achieved by exploring the target via ordinary interactions for the purpose of gathering intelligence about the target, or by sending data that is syntactically invalid or non-standard in an attempt to produce a response that contains the desired data. As a result of these interactions, the adversary is able to obtain information from the target that aids the attacker in making inferences about its security, configuration, or potential vulnerabilities. Examplar exchanges with the target may trigger unhandled exceptions or verbose error messages that reveal information like stack traces, configuration information, path information, or database design. This type of attack also includes the manipulation of query strings in a URI to produce invalid SQL queries, or by trying alternative path values in the hope that the server will return useful information. |
|
| Taxonomy: ATTACK |
|
Entry ID
|
Entry Name
|
| 1114.001 |
Email Collection:Local Email Collection |
|