CAPEC-116 Metadata
Likelihood of Attack
High
Typical Severity
Medium
Overview
Summary
An adversary actively probes the target in a manner that is designed to solicit information that could be leveraged for malicious purposes.
Prerequisites
An adversary requires some way of interacting with the system.
Potential Solutions / Mitigations
Minimize error/response output to only what is necessary for functional use or corrective language. Remove potentially sensitive information that is not necessary for the application's functionality.
Related Weaknesses (CWE)
Related CAPECs
| CAPEC ID | Description |
|---|---|
| CAPEC-163 | An adversary targets a specific user or group with a Phishing (CAPEC-98) attack tailored to a category of users in order to have maximum relevance and deceptive capability. Spear Phishing is an enhanced version of the Phishing attack targeted to a specific user or group. The quality of the targeted email is usually enhanced by appearing to come from a known or trusted entity. If the email account of some trusted entity has been compromised the message may be digitally signed. The message will contain information specific to the targeted users that will enhance the probability that they will follow the URL to the compromised site. For example, the message may indicate knowledge of the targets employment, residence, interests, or other information that suggests familiarity. As soon as the user follows the instructions in the message, the attack proceeds as a standard Phishing attack. |
Stay Ahead of Attack Patterns
Understanding CAPEC patterns helps security professionals anticipate and thwart potential attacks. Leverage these insights to enhance threat modeling, strengthen your software development lifecycle, and train your security teams effectively.