CAPEC-564 Metadata
Likelihood of Attack
High
Typical Severity
High
Overview
Summary
Operating system allows logon scripts to be run whenever a specific user or users logon to a system. If adversaries can access these scripts, they may insert additional code into the logon script. This code can allow them to maintain persistence or move laterally within an enclave because it is executed every time the affected user or users logon to a computer. Modifying logon scripts can effectively bypass workstation and enclave firewalls. Depending on the access configuration of the logon scripts, either local credentials or a remote administrative account may be necessary.
Prerequisites
No prerequisites listed.
Potential Solutions / Mitigations
Restrict write access to logon scripts to necessary administrators.
Related Weaknesses (CWE)
| CWE ID | Description |
|---|---|
| CWE-284 | Improper Access Control |
Related CAPECs
| CAPEC ID | Description |
|---|---|
| CAPEC-542 | An adversary develops targeted malware that takes advantage of a known vulnerability in an organizational information technology environment. The malware crafted for these attacks is based specifically on information gathered about the technology environment. Successfully executing the malware enables an adversary to achieve a wide variety of negative technical impacts. |
Taxonomy Mappings
Taxonomy: ATTACK
Stay Ahead of Attack Patterns
Understanding CAPEC patterns helps security professionals anticipate and thwart potential attacks. Leverage these insights to enhance threat modeling, strengthen your software development lifecycle, and train your security teams effectively.