Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CAPEC-497:File Discovery
Attack Pattern ID:497
Version:v3.9
Attack Pattern Name:File Discovery
Abstraction:Standard
Status:Draft
Likelihood of Attack:High
Typical Severity:Very Low
DetailsContent HistoryRelated WeaknessesReports
▼Description
An adversary engages in probing and exploration activities to determine if common key files exists. Such files often contain configuration and security parameters of the targeted application, system or network. Using this knowledge may often pave the way for more damaging attacks.
▼Extended Description
▼Alternate Terms
▼Relationships
NatureTypeIDName
ChildOfM169Footprinting
ParentOfD149Explore for Predictable Temporary File Names
Nature: ChildOf
Type: Meta
ID: 169
Name: Footprinting
Nature: ParentOf
Type: Detailed
ID: 149
Name: Explore for Predictable Temporary File Names
▼Execution Flow
▼Prerequisites
The adversary must know the location of these common key files.
▼Skills Required
▼Resources Required
▼Indicators
▼Consequences
ScopeLikelihoodImpactNote
ConfidentialityN/ARead DataN/A
Scope: Confidentiality
Likelihood: N/A
Impact: Read Data
Note: N/A
▼Mitigations
Leverage file protection mechanisms to render these files accessible only to authorized parties.
▼Example Instances
▼Related Weaknesses
IDName
CWE-200Exposure of Sensitive Information to an Unauthorized Actor
ID: CWE-200
Name: Exposure of Sensitive Information to an Unauthorized Actor
▼Taxonomy Mappings
Taxonomy NameEntry IDEntry Name
ATTACK1083File and Directory Discovery
Taxonomy Name: ATTACK
Entry ID: 1083
Entry Name: File and Directory Discovery
▼Notes
▼References
Details not found