CAPEC-497 Metadata
Likelihood of Attack
High
Typical Severity
Very Low
Overview
Summary
An adversary engages in probing and exploration activities to determine if common key files exists. Such files often contain configuration and security parameters of the targeted application, system or network. Using this knowledge may often pave the way for more damaging attacks.
Prerequisites
The adversary must know the location of these common key files.
Potential Solutions / Mitigations
Leverage file protection mechanisms to render these files accessible only to authorized parties.
Related Weaknesses (CWE)
| CWE ID | Description |
|---|---|
| CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor |
Related CAPECs
| CAPEC ID | Description |
|---|---|
| CAPEC-169 | An adversary engages in probing and exploration activities to identify constituents and properties of the target. |
Taxonomy Mappings
Taxonomy: ATTACK
| Entry ID | Entry Name |
|---|---|
| 1083 | File and Directory Discovery |
Stay Ahead of Attack Patterns
Understanding CAPEC patterns helps security professionals anticipate and thwart potential attacks. Leverage these insights to enhance threat modeling, strengthen your software development lifecycle, and train your security teams effectively.