CAPEC-116: Excavation

Meta Stable 严重程度: Medium 攻击可能性: High

CAPEC版本: 3.9

更新日期: 2023-01-24

攻击模式描述

An adversary actively probes the target in a manner that is designed to solicit information that could be leveraged for malicious purposes.

前提条件

  • An adversary requires some way of interacting with the system.

所需资源

  • A tool, such as an Adversary in the Middle (CAPEC-94) Proxy or a fuzzer, that is capable of generating and injecting custom inputs to be used in the attack.

后果影响

影响范围: Confidentiality

技术影响: Read Data

缓解措施

Minimize error/response output to only what is necessary for functional use or corrective language.

Remove potentially sensitive information that is not necessary for the application's functionality.

关键信息

CAPEC ID: CAPEC-116

抽象级别: Meta

状态: Stable

典型严重程度: Medium

攻击可能性: High

相关攻击模式
CanPrecede CAPEC-163

Spear Phishing

Detailed
相关CWE弱点
CWE-200 CWE-1243
返回列表