Prerequisites
An adversary requires some way of interacting with the system.
Resources Required
A tool, such as an Adversary in the Middle (CAPEC-94) Proxy or a fuzzer, that is capable of generating and injecting custom inputs to be used in the attack.
Mitigations
Minimize error/response output to only what is necessary for functional use or corrective language.
Remove potentially sensitive information that is not necessary for the application's functionality.
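One way to apply both mitigations in an error path, as an added example that is not part of the CAPEC entry: the full failure detail goes to a server-side log under an incident id, and the client receives only a fixed message, that id, and headers with stack-describing entries removed. The function names, the header list and the message table are assumptions made for illustration.

```python
import logging
import traceback
import uuid

log = logging.getLogger("app.errors")

# Headers that describe the stack rather than serve the client (constructed list).
DISCLOSING_HEADERS = {"server", "x-powered-by", "x-aspnet-version", "x-debug-token"}

# Client-facing text per status: corrective language only, no internals.
PUBLIC_MESSAGES = {
    400: "The request could not be processed. Check the submitted fields.",
    404: "The requested resource was not found.",
    500: "An internal error occurred.",
}


def build_error_response(exc, status=500, headers=None):
    """Return (status, headers, body) safe to send to an untrusted client.

    Exception type, message and stack trace are written to the server-side log
    under an incident id; the client gets only that id and a fixed message.
    """
    incident_id = uuid.uuid4().hex
    detail = "".join(traceback.format_exception(type(exc), exc, exc.__traceback__))
    log.error("incident=%s status=%d %s", incident_id, status, detail)
    # Drop headers that reveal framework or debug details.
    safe_headers = {k: v for k, v in (headers or {}).items()
                    if k.lower() not in DISCLOSING_HEADERS}
    # Unknown status codes fall back to the generic 500 text.
    body = {"error": PUBLIC_MESSAGES.get(status, PUBLIC_MESSAGES[500]),
            "incident_id": incident_id}
    return status, safe_headers, body


def demo():
    # Constructed failure whose text names a table and a file path.
    try:
        raise RuntimeError('relation "users_v2" missing at /srv/app/db/pool.py:88')
    except RuntimeError as exc:
        return build_error_response(
            exc, 500,
            {"Content-Type": "application/json", "X-Powered-By": "ExampleFramework 1.0"})


if __name__ == "__main__":
    print(demo())
```

Operators can still find the full trace by searching the log for the incident id a user reports.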
Related Weaknesses
CWE-ID | Weakness Name |
CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor: The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
CWE-1243 | Sensitive Non-Volatile Information Not Protected During Debug: Access to security-sensitive information stored in fuses is not limited during debug. |
Submission
Name | Organization | Date | Date Release |
CAPEC Content Team | The MITRE Corporation | 2014-06-23 +00:00 | |
Modifications
Name | Organization | Date | Comment |
CAPEC Content Team | The MITRE Corporation | 2015-11-09 +00:00 | Updated Activation_Zone, Attack_Prerequisites, Description Summary, Injection_Vector, Payload, Payload_Activation_Impact |
CAPEC Content Team | The MITRE Corporation | 2017-05-01 +00:00 | Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Other_Notes, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit |
CAPEC Content Team | The MITRE Corporation | 2020-07-30 +00:00 | Updated Related_Weaknesses |
CAPEC Content Team | The MITRE Corporation | 2020-12-17 +00:00 | Updated Related_Attack_Patterns |
CAPEC Content Team | The MITRE Corporation | 2021-06-24 +00:00 | Updated Resources_Required |
CAPEC Content Team | The MITRE Corporation | 2022-09-29 +00:00 | Updated Description, Extended_Description |