CAPEC-121 Exploit Non-Production Interfaces

CAPEC ID: 121

CAPEC-121 Metadata

Likelihood of Attack

Low

Typical Severity

High

Overview

Summary

An adversary exploits a sample, demonstration, test, or debug interface that is unintentionally enabled on a production system, with the goal of gleaning information or leveraging functionality that would otherwise be unavailable.

Prerequisites

The target must have configured non-production interfaces and failed to secure or remove them when brought into a production environment.

Execution Flow

Step 1 (Phase: Explore)
Description: [Determine Vulnerable Interface] An adversary explores a target system for sample or test interfaces that have not been disabled by a system administrator and which may be exploitable by the adversary.
Techniques:
  • If needed, the adversary explores an organization's network to determine if any specific systems of interest exist.

Step 2 (Phase: Exploit)
Description: [Leverage Test Interface to Execute Attacks] Once an adversary has discovered a system with a non-production interface, the interface is leveraged to exploit the system and/or conduct various attacks.
Techniques:
  • The adversary can leverage the sample or test interface to conduct several types of attacks such as Adversary-in-the-Middle attacks (CAPEC-94), keylogging, Cross Site Scripting (XSS), hardware manipulation attacks, and more.

Potential Solutions / Mitigations

Ensure that production systems do not contain non-production interfaces and that these interfaces are only used in development environments.

Related Weaknesses (CWE)

CWE ID Description
CWE-489 Active Debug Code
CWE-1209 Failure to Disable Reserved Bits
CWE-1259 Improper Restriction of Security Token Assignment
CWE-1267 Policy Uses Obsolete Encoding
CWE-1270 Generation of Incorrect Security Tokens
CWE-1294 Insecure Security Identifier Mechanism
CWE-1295 Debug Messages Revealing Unnecessary Information
CWE-1296 Incorrect Chaining or Granularity of Debug Components
CWE-1302 Missing Source Identifier in Entity Transactions on a System-On-Chip (SOC)
CWE-1313 Hardware Allows Activation of Test or Debug Logic at Runtime

Related CAPECs

CAPEC ID Description
CAPEC-113 An adversary manipulates the use or processing of an interface (e.g. Application Programming Interface (API) or System-on-Chip (SoC)) resulting in an adverse impact upon the security of the system implementing the interface. This can allow the adversary to bypass access control and/or execute functionality not intended by the interface implementation, possibly compromising the system which integrates the interface. Interface manipulation can take on a number of forms including forcing the unexpected use of an interface or the use of an interface in an unintended way.
