CAPEC-690: Metadata Spoofing
CAPEC版本: 3.9
更新日期: 2023-01-24
攻击模式描述
前提条件
- Identification of a resource whose metadata is to be spoofed
所需技能
后果影响
影响范围: Integrity
技术影响: Modify Data
影响范围: Accountability
技术影响: Hide Activities
影响范围: Access Control Authorization
技术影响: Execute Unauthorized Commands
缓解措施
Validate metadata of resources such as authors, timestamps, and statistics.
Confirm the pedigree of open source packages and ensure the code being downloaded does not originate from another source.
Even if the metadata is properly checked and a user believes it to be legitimate, there may still be a chance that they've been duped. Therefore, leverage automated testing techniques to determine where malicious areas of the code may exist.
关键信息
CAPEC ID: CAPEC-690
抽象级别: Meta
状态: Stable
典型严重程度: High
攻击可能性: Medium