CAPEC-224: Fingerprinting

Meta Stable 严重程度: Very Low 攻击可能性: High

CAPEC版本: 3.9

更新日期: 2023-01-24

攻击模式描述

An adversary compares output from a target system to known indicators that uniquely identify specific details about the target. Most commonly, fingerprinting is done to determine operating system and application versions. Fingerprinting can be done passively as well as actively. Fingerprinting by itself is not usually detrimental to the target. However, the information gathered through fingerprinting often enables an adversary to discover existing weaknesses in the target.

前提条件

A means by which to interact with the target system directly.

所需技能

Medium Some fingerprinting activity requires very specific knowledge of how different operating systems respond to various TCP/IP requests. Application fingerprinting can be as easy as envoking the application with the correct command line argument, or mouse clicking in the appropriate place on the screen.

所需资源

If on a network, the adversary needs a tool capable of viewing network communications at the packet level and with header information, like Mitmproxy, Wireshark, or Fiddler.

后果影响

影响范围: Confidentiality

技术影响: Read Data

缓解措施

While some information is shared by systems automatically based on standards and protocols, remove potentially sensitive information that is not necessary for the application's functionality as much as possible.

分类映射

分类名称	条目ID	条目名称
WASC	45	Fingerprinting

关键信息

CAPEC ID: CAPEC-224

抽象级别: Meta

状态: Stable

典型严重程度: Very Low

攻击可能性: High