CAPEC Details
Name Read Sensitive Constants Within an Executable
Likelyhood of attack Typical severity
High Low
Summary An adversary engages in activities to discover any sensitive constants present within the compiled code of an executable. These constants may include literal ASCII strings within the file itself, or possibly strings hard-coded into particular routines that can be revealed by code refactoring methods including static and dynamic analysis. One specific example of a sensitive string is a hard-coded password. Typical examples of software with hard-coded passwords include server-side executables which may check for a hard-coded password or key during a user's authentication with the server. Hard-coded passwords can also be present in client-side executables which utilize the password or key when connecting to either a remote component, such as a database server, licensing server, or otherwise, or a processes on the same host that expects a key or password. When analyzing an executable the adversary may search for the presence of such strings by analyzing the byte-code of the file itself. Example utilities for revealing strings within a file include 'strings,' 'grep,' or other variants of these programs depending upon the type of operating system used. These programs can be used to dump any ASCII or UNICODE strings contained within a program. Strings can also be searched for using a hex editors by loading the binary or object code file and utilizing native search functions such as regular expressions. Additionally, sensitive numeric values can occur within an executable. This can be used to discover the location of cryptographic constants.
Prerequisites Access to a binary or executable such that it can be analyzed by various utilities.
Related Weaknesses
CWE ID Description
CWE-798 Use of Hard-coded Credentials
Related CAPECS
CAPEC ID Description
CAPEC-167 An attacker discovers the structure, function, and composition of a type of computer software through white box analysis techniques. White box techniques involve methods which can be applied to a piece of software when an executable or some other compiled object can be directly subjected to analysis, revealing at least a portion of its machine instructions that can be observed upon execution.
Taxonomy: ATTACK
Entry ID Entry Name
1552.001 Unsecured Credentials:Credentials in files