CAPEC-224 Metadata
Likelihood of Attack
High
Typical Severity
Very Low
Overview
Summary
An adversary compares output from a target system to known indicators that uniquely identify specific details about the target. Most commonly, fingerprinting is done to determine operating system and application versions. Fingerprinting can be done passively as well as actively. Fingerprinting by itself is not usually detrimental to the target. However, the information gathered through fingerprinting often enables an adversary to discover existing weaknesses in the target.
Prerequisites
A means by which to interact with the target system directly.
Potential Solutions / Mitigations
While some information is shared by systems automatically based on standards and protocols, remove potentially sensitive information that is not necessary for the application's functionality as much as possible.
Related Weaknesses (CWE)
| CWE ID | Description |
|---|---|
| CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor |
Taxonomy Mappings
Taxonomy: WASC
| Entry ID | Entry Name |
|---|---|
| 45 | Fingerprinting |
Stay Ahead of Attack Patterns
Understanding CAPEC patterns helps security professionals anticipate and thwart potential attacks. Leverage these insights to enhance threat modeling, strengthen your software development lifecycle, and train your security teams effectively.