CAPEC-75: Manipulating Writeable Configuration Files
CAPEC Version: 3.9
Last Updated: 2023-01-24
Attack Pattern Description
Generally these are manually edited files that are not in the purview of the system administrators. Any ability on the attacker's part to modify these files, for example in a CVS repository, gives unauthorized access directly to the application, the same as authorized users have.
Prerequisites
- Configuration files must be modifiable by the attacker
Skills Required
Consequences
Scope: Confidentiality, Access Control, Authorization
Technical Impact: Gain Privileges
Mitigations
Design: Enforce principle of least privilege
Design: Backup copies of all configuration files
Implementation: Integrity monitoring for configuration files
Implementation: Enforce audit logging on code and configuration promotion procedures.
Implementation: Load configuration from separate process and memory space, for example a separate physical device like a CD
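
The integrity-monitoring and least-privilege mitigations above can be combined in one check. The following is an added example, not part of the CAPEC entry: it baselines each configuration file's SHA-256, mode and owner, then reports content changes, permission drift and group- or world-writable files. The file name `app.conf`, its contents and the function names are constructed for illustration.

```python
import hashlib, os, stat, tempfile
from pathlib import Path

def snapshot(paths):
    """Record SHA-256, mode bits and owner uid for each configuration file."""
    base = {}
    for p in map(Path, paths):
        st = p.stat()
        base[str(p)] = {
            "sha256": hashlib.sha256(p.read_bytes()).hexdigest(),
            "mode": stat.S_IMODE(st.st_mode),
            "uid": st.st_uid,
        }
    return base

def audit(baseline):
    """Compare current state with the baseline; return a list of (path, finding)."""
    findings = []
    for path, want in baseline.items():
        p = Path(path)
        if not p.exists():
            findings.append((path, "missing"))
            continue
        st = p.stat()
        mode = stat.S_IMODE(st.st_mode)
        if hashlib.sha256(p.read_bytes()).hexdigest() != want["sha256"]:
            findings.append((path, "content-changed"))
        if mode != want["mode"] or st.st_uid != want["uid"]:
            findings.append((path, "perms-or-owner-changed"))
        # Least privilege: only the owner should be able to write the file.
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((path, "group-or-world-writable"))
    return findings

def demo():
    """Constructed scenario: a temp file stands in for an application's config."""
    with tempfile.TemporaryDirectory() as d:
        cfg = Path(d) / "app.conf"          # hypothetical file name
        cfg.write_text("admin_users = alice\n")
        os.chmod(cfg, 0o640)
        baseline = snapshot([cfg])
        clean = audit(baseline)             # nothing changed yet
        cfg.write_text("admin_users = alice, mallory\n")  # simulated unauthorized edit
        os.chmod(cfg, 0o666)
        tampered = [finding for _, finding in audit(baseline)]
        return clean, tampered

if __name__ == "__main__":
    print(demo())
```

The baseline is only trustworthy if it is stored where the account that can write the configuration files cannot also rewrite it, for example on read-only media or a separate host.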