CAPEC-639: Probe System Files
CAPEC Version: 3.9
Last Updated: 2023-01-24
Attack Pattern Description
An adversary obtains unauthorized information due to improperly protected files. If an application stores sensitive information in a file that is not protected by proper access control, then an adversary can access the file and search for sensitive information.
Prerequisites
- An adversary has access to the file system of a system.
Consequences
Scope: Confidentiality
Technical Impact: Read Data
Mitigations
Verify that files have proper access controls set, and reduce the storage of sensitive information to only what is necessary.
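One way to carry out this check on a POSIX host, as an added example that is not part of the CAPEC entry: the script reports files that look sensitive and are readable by group or other users. The name and content patterns, the `audit` and `make_sample` helpers, and the sample files are assumptions constructed for illustration.

```python
import os, re, stat, sys, tempfile

# Assumed, illustrative patterns (not a CAPEC-defined list); tune for your estate.
SENSITIVE_NAME = re.compile(r"^(id_(rsa|ecdsa|ed25519)|\.bash_history|\.env)$|\.(pem|key)$")
SECRET_CONTENT = re.compile(
    rb"-----BEGIN [A-Z ]*PRIVATE KEY-----|(?i:password|passwd|secret)\s*[=:]\s*\S+")

def audit(root, max_bytes=65536):
    """List (relative path, mode, reason) for sensitive-looking regular files
    whose POSIX mode lets group or other users read them."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # ignore symlinks, sockets and devices
            if not st.st_mode & (stat.S_IRGRP | stat.S_IROTH):
                continue  # owner-only: access control is already tight
            reason = "sensitive file name" if SENSITIVE_NAME.search(name) else None
            if reason is None:
                try:
                    with open(path, "rb") as fh:
                        if SECRET_CONTENT.search(fh.read(max_bytes)):
                            reason = "credential-like content"
                except OSError:
                    continue  # unreadable to the auditor; report separately if needed
            if reason:
                mode = oct(stat.S_IMODE(st.st_mode))
                findings.append((os.path.relpath(path, root), mode, reason))
    return sorted(findings)

def make_sample(root):
    """Create constructed sample files with explicit modes for the demo."""
    samples = {"app.conf": (b"db_password = example-only\n", 0o644),
               "id_rsa": (b"-----BEGIN OPENSSH PRIVATE KEY-----\n", 0o600),
               ".bash_history": (b"ls -la\n", 0o640),
               "notes.txt": (b"meeting at 10\n", 0o644)}
    for name, (data, mode) in samples.items():
        path = os.path.join(root, name)
        with open(path, "wb") as fh:
            fh.write(data)
        os.chmod(path, mode)  # set explicitly so the umask does not matter

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else None
    with tempfile.TemporaryDirectory() as tmp:
        if target is None:
            make_sample(tmp)
        for finding in audit(target or tmp):
            print(*finding, sep="\t")
```

Each finding is a candidate for a tighter mode (for example `chmod 600`) or for moving the secret out of the file entirely; the check covers mode bits only, not ACLs or share permissions.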
Example Instances
Adversaries may search local file systems and remote file shares for files containing passwords. These can be files created by users to store their own credentials, shared credential stores for a group of individuals, configuration files containing passwords for a system or service, or source code/binary files containing embedded passwords.
Adversaries may search network shares on computers they have compromised to find files of interest.
Taxonomy Mappings
| Taxonomy Name | Entry ID | Entry Name |
|---|---|---|
| ATTACK | 1039 | Data from Network Shared Drive |
| ATTACK | 1552.001 | Unsecured Credentials: Credentials in Files |
| ATTACK | 1552.003 | Unsecured Credentials: Bash History |
| ATTACK | 1552.004 | Unsecured Credentials: Private Keys |
| ATTACK | 1552.006 | Unsecured Credentials: Group Policy Preferences |