An adversary exploits a sample, demonstration, test, or debug interface that is unintentionally enabled on a production system, with the goal of gleaning information or leveraging functionality that would otherwise be unavailable.
Non-production interfaces are insecure by default and should not be resident on production systems, since they may reveal sensitive information or functionality that should not be known to end-users. However, such interfaces may be unintentionally left enabled on a production system due to configuration errors, supply chain mismanagement, or other pre-deployment activities.
Ultimately, failure to properly disable non-production interfaces, in a production environment, may expose a great deal of diagnostic information or functionality to an adversary, which can be utilized to further refine their attack. Moreover, many non-production interfaces do not have adequate security controls or may not have undergone rigorous testing since they were not intended for use in production environments. As such, they may contain many flaws and vulnerabilities that could allow an adversary to severely disrupt a target.
| Nature | Type | ID | Name |
|---|---|---|---|
| ChildOf | M | 113 | Interface Manipulation |
| ParentOf | D | 661 | Root/Jailbreak Detection Evasion via Debugging |
Determine Vulnerable Interface
An adversary explores a target system for sample or test interfaces that have not been disabled by a system administrator and which may be exploitable by the adversary.
| Technique |
|---|
| If needed, the adversary explores an organization's network to determine if any specific systems of interest exist. |
Leverage Test Interface to Execute Attacks
Once an adversary has discovered a system with a non-production interface, the interface is leveraged to exploit the system and/or conduct various attacks.
| Technique |
|---|
| The adversary can leverage the sample or test interface to conduct several types of attacks such as Adversary-in-the-Middle attacks (CAPEC-94), keylogging, Cross Site Scripting (XSS), hardware manipulation attacks, and more. |
Exploiting non-production interfaces requires significant skill and knowledge about the potential non-production interfaces left enabled in production.
| Scope | Likelihood | Impact | Note |
|---|---|---|---|
| ConfidentialityAccess ControlAuthentication | N/A | Gain PrivilegesBypass Protection Mechanism | N/A |
| ConfidentialityAccess ControlAuthorization | N/A | Read DataExecute Unauthorized Commands | N/A |
| Access ControlIntegrity | N/A | Modify DataAlter Execution Logic | N/A |
| ID | Name |
|---|---|
| CWE-1209 | Failure to Disable Reserved Bits |
| CWE-1259 | Improper Restriction of Security Token Assignment |
| CWE-1267 | Policy Uses Obsolete Encoding |
| CWE-1270 | Generation of Incorrect Security Tokens |
| CWE-1294 | Insecure Security Identifier Mechanism |
| CWE-1295 | Debug Messages Revealing Unnecessary Information |
| CWE-1296 | Incorrect Chaining or Granularity of Debug Components |
| CWE-1302 | Missing Source Identifier in Entity Transactions on a System-On-Chip (SOC) |
| CWE-1313 | Hardware Allows Activation of Test or Debug Logic at Runtime |
| CWE-489 | Active Debug Code |
| Taxonomy Name | Entry ID | Entry Name |
|---|