CAPEC-191 Metadata
Likelihood of Attack
High
Typical Severity
Low
Overview
Summary
An adversary engages in activities to discover any sensitive constants present within the compiled code of an executable. These constants may include literal ASCII strings within the file itself, or possibly strings hard-coded into particular routines that can be revealed by code refactoring methods including static and dynamic analysis.
Prerequisites
Access to a binary or executable such that it can be analyzed by various utilities.
Potential Solutions / Mitigations
No specific solutions listed.
Related Weaknesses (CWE)
| CWE ID | Description |
|---|---|
| CWE-798 | Use of Hard-coded Credentials |
Related CAPECs
| CAPEC ID | Description |
|---|---|
| CAPEC-167 | An attacker discovers the structure, function, and composition of a type of computer software through white box analysis techniques. White box techniques involve methods which can be applied to a piece of software when an executable or some other compiled object can be directly subjected to analysis, revealing at least a portion of its machine instructions that can be observed upon execution. |
Taxonomy Mappings
Taxonomy: ATTACK
| Entry ID | Entry Name |
|---|---|
| 1552.001 | Unsecured Credentials:Credentials in files |
Stay Ahead of Attack Patterns
Understanding CAPEC patterns helps security professionals anticipate and thwart potential attacks. Leverage these insights to enhance threat modeling, strengthen your software development lifecycle, and train your security teams effectively.