CAPEC-166: Force the System to Reset Values

Standard Draft Severity: Medium

CAPEC Version: 3.9

Update Date: 2023-01-24

Attack Pattern Description

An attacker forces the target into a previous state in order to leverage potential weaknesses in the target dependent upon a prior configuration or state-dependent factors. Even in cases where an attacker may not be able to directly control the configuration of the targeted application, they may be able to reset the configuration to a prior state since many applications implement reset functions.

Prerequisites

  • The targeted application must have a reset function that returns the configuration of the application to an earlier state.
  • The reset functionality must be inadequately protected against use.

Resources Required

  • None: No specialized resources are required to execute this type of attack. In some cases, the attacker may need special client applications in order to execute the reset functionality.

Key Information

CAPEC ID: CAPEC-166

Abstraction Level: Standard

Status: Draft

Typical Severity: Medium

Related Attack Patterns