CAPEC-150 Collect Data from Common Resource Locations

CAPEC ID: 150

CAPEC-150 Metadata

Likelihood of Attack

High

Typical Severity

Medium

Overview

Summary

An adversary exploits well-known locations for resources for the purposes of undermining the security of the target. In many, if not most systems, files and resources are organized in a default tree structure. This can be useful for adversaries because they often know where to look for resources or files that are necessary for attacks. Even when the precise location of a targeted resource may not be known, naming conventions may indicate a small area of the target machine's file tree where the resources are typically located. For example, configuration files are normally stored in the /etc director on Unix systems. Adversaries can take advantage of this to commit other types of attacks.

Prerequisites

The targeted applications must either expect files to be located at a specific location or, if the location of the files can be configured by the user, the user either failed to move the files from the default location or placed them in a conventional location for files of the given type.

Potential Solutions / Mitigations

No specific solutions listed.

Related Weaknesses (CWE)

CWE ID Description
CWE-552 Files or Directories Accessible to External Parties
CWE-1239 Improper Zeroization of Hardware Register
CWE-1258 Exposure of Sensitive System Information Due to Uncleared Debug Information
CWE-1266 Improper Scrubbing of Sensitive Data from Decommissioned Device
CWE-1272 Sensitive Information Uncleared Before Debug/Power State Transition
CWE-1323 Improper Management of Sensitive Trace Data
CWE-1330 Remanent Data Readable after Memory Erase

Related CAPECs

CAPEC ID Description
CAPEC-116 An adversary actively probes the target in a manner that is designed to solicit information that could be leveraged for malicious purposes.

Taxonomy Mappings

Taxonomy: ATTACK

Entry ID Entry Name
1003 OS Credential Dumping
1119 Automated Collection
1213 Data from Information Repositories
1530 Data from Cloud Storage Object
1555 Credentials from Password Stores
1602 Data from Configuration Repository

Stay Ahead of Attack Patterns

Understanding CAPEC patterns helps security professionals anticipate and thwart potential attacks. Leverage these insights to enhance threat modeling, strengthen your software development lifecycle, and train your security teams effectively.