CAPEC-155 Metadata
Likelihood of Attack
Medium
Typical Severity
Medium
Overview
Summary
An adversary exploits the temporary, insecure storage of information by monitoring the content of files used to store temporary data during an application's routine execution flow. Many applications use temporary files to accelerate processing or to provide records of state across multiple executions of the application. Sometimes, however, these temporary files end up storing sensitive information. By screening an application's temporary files, an adversary might be able to discover such sensitive information. For example, web browsers often cache content to accelerate subsequent lookups. If the content contains sensitive information, the adversary could recover it from the web cache.
Prerequisites
The target application must utilize temporary files and must fail to adequately secure them against other parties reading them.
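A defender-side check for this prerequisite, added here as an illustration and not part of the CAPEC entry: it contrasts a weak temporary file (CWE-377) with one created through `tempfile.mkstemp`, then audits a directory for files that group or other users can read. The function names, the `app-` prefix and the sample data are hypothetical, and POSIX permission semantics are assumed.

```python
import os
import stat
import tempfile


def create_exposed_temp(data: bytes, directory: str) -> str:
    """Weak form (CWE-377): predictable name, readable by every local user."""
    path = os.path.join(directory, "app-session.tmp")  # hypothetical name
    with open(path, "wb") as fh:
        fh.write(data)
    os.chmod(path, 0o644)  # set explicitly so the demo does not depend on umask
    return path


def create_private_temp(data: bytes, directory: str) -> str:
    """Hardened form: mkstemp creates the file with O_EXCL, mode 0600 and a random name."""
    fd, path = tempfile.mkstemp(prefix="app-", dir=directory)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


def audit_temp_dir(directory: str) -> list[str]:
    """Return regular files under directory whose mode grants read to group or other.

    Only file mode bits are checked; a restrictive parent directory would
    also block access and is not considered here.
    """
    exposed = []
    for root, _dirs, files in os.walk(directory):
        for name in files:
            path = os.path.join(root, name)
            mode = os.lstat(path).st_mode  # lstat: do not follow symlinks
            if stat.S_ISREG(mode) and mode & (stat.S_IRGRP | stat.S_IROTH):
                exposed.append(path)
    return sorted(exposed)


def demo() -> tuple[list[str], str, str]:
    """Create both kinds of file in a scratch directory and audit it."""
    with tempfile.TemporaryDirectory() as scratch:
        sample = b"constructed-sample-token"  # constructed data, not a real secret
        weak = create_exposed_temp(sample, scratch)
        safe = create_private_temp(sample, scratch)
        findings = [os.path.basename(p) for p in audit_temp_dir(scratch)]
        return findings, os.path.basename(weak), os.path.basename(safe)


if __name__ == "__main__":
    print(demo())
```

Pointing `audit_temp_dir` at the location an application actually writes its temporary files shows which of them meet the prerequisite described above.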
Execution Flow
Step | Phase | Description | Techniques |
---|---|---|---|
1 | Explore | [Look for temporary files in target application] An adversary will try to discover temporary files in a target application. Knowledge of where the temporary files are being stored is important information. | |
2 | Experiment | [Attempt to read temporary files] An adversary will attempt to read any temporary files they may have discovered through normal means. | |
3 | Exploit | [Use function weaknesses to gain access to temporary files] If normal means to read temporary files did not work, an adversary will attempt to exploit weak temporary file functions to gain access to temporary files. | |
Potential Solutions / Mitigations
No specific solutions listed.
Related Weaknesses (CWE)
CWE ID | Description |
---|---|
CWE-377 | Insecure Temporary File |
Related CAPECs
CAPEC ID | Description |
---|---|
CAPEC-150 | An adversary exploits well-known locations for resources for the purposes of undermining the security of the target. In many, if not most systems, files and resources are organized in a default tree structure. This can be useful for adversaries because they often know where to look for resources or files that are necessary for attacks. Even when the precise location of a targeted resource may not be known, naming conventions may indicate a small area of the target machine's file tree where the resources are typically located. For example, configuration files are normally stored in the /etc directory on Unix systems. Adversaries can take advantage of this to commit other types of attacks. |