Name |
Pull Data from System Resources |
|
Likelyhood of attack |
Typical severity |
Low |
High |
|
Summary |
An adversary who is authorized or has the ability to search known system resources, does so with the intention of gathering useful information. System resources include files, memory, and other aspects of the target system. In this pattern of attack, the adversary does not necessarily know what they are going to find when they start pulling data. This is different than CAPEC-150 where the adversary knows what they are looking for due to the common location. |
Prerequisites |
|
Solutions | |
Related Weaknesses |
CWE ID
|
Description
|
CWE-1239 |
Improper Zeroization of Hardware Register |
CWE-1243 |
Sensitive Non-Volatile Information Not Protected During Debug |
CWE-1258 |
Exposure of Sensitive System Information Due to Uncleared Debug Information |
CWE-1258 |
Exposure of Sensitive System Information Due to Uncleared Debug Information |
CWE-1266 |
Improper Scrubbing of Sensitive Data from Decommissioned Device |
CWE-1272 |
Sensitive Information Uncleared Before Debug/Power State Transition |
CWE-1278 |
Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques |
CWE-1323 |
Improper Management of Sensitive Trace Data |
CWE-1324 |
Sensitive Information Accessible by Physical Probing of JTAG Interface |
CWE-1330 |
Remanent Data Readable after Memory Erase |
|
Related CAPECS |
CAPEC ID
|
Description
|
CAPEC-116 |
An adversary actively probes the target in a manner that is designed to solicit information that could be leveraged for malicious purposes. This is achieved by exploring the target via ordinary interactions for the purpose of gathering intelligence about the target, or by sending data that is syntactically invalid or non-standard in an attempt to produce a response that contains the desired data. As a result of these interactions, the adversary is able to obtain information from the target that aids the attacker in making inferences about its security, configuration, or potential vulnerabilities. Examplar exchanges with the target may trigger unhandled exceptions or verbose error messages that reveal information like stack traces, configuration information, path information, or database design. This type of attack also includes the manipulation of query strings in a URI to produce invalid SQL queries, or by trying alternative path values in the hope that the server will return useful information. |
|
Taxonomy: ATTACK |
Entry ID
|
Entry Name
|
1555.001 |
Credentials from Password Stores:Keychain |
1005 |
Data from Local System |
|