CAPEC-75 Metadata
Likelihood of Attack
High
Typical Severity
Very High
Overview
Summary
Generally these are manually edited files that are not in the preview of the system administrators, any ability on the attackers' behalf to modify these files, for example in a CVS repository, gives unauthorized access directly to the application, the same as authorized users.
Prerequisites
Configuration files must be modifiable by the attacker
Potential Solutions / Mitigations
Design: Enforce principle of least privilege Design: Backup copies of all configuration files Implementation: Integrity monitoring for configuration files Implementation: Enforce audit logging on code and configuration promotion procedures. Implementation: Load configuration from separate process and memory space, for example a separate physical device like a CD
Related Weaknesses (CWE)
| CWE ID | Description |
|---|---|
| CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') |
| CWE-99 | Improper Control of Resource Identifiers ('Resource Injection') |
| CWE-346 | Origin Validation Error |
| CWE-349 | Acceptance of Extraneous Untrusted Data With Trusted Data |
| CWE-353 | Missing Support for Integrity Check |
| CWE-354 | Improper Validation of Integrity Check Value |
Related CAPECs
| CAPEC ID | Description |
|---|---|
| CAPEC-176 | An attacker manipulates files or settings external to a target application which affect the behavior of that application. For example, many applications use external configuration files and libraries - modification of these entities or otherwise affecting the application's ability to use them would constitute a configuration/environment manipulation attack. |
Stay Ahead of Attack Patterns
Understanding CAPEC patterns helps security professionals anticipate and thwart potential attacks. Leverage these insights to enhance threat modeling, strengthen your software development lifecycle, and train your security teams effectively.