CAPEC-116

Excavation
HIGH
MEDIUM
Stable
2014-06-23 00:00 +00:00
2022-09-29 00:00 +00:00

Alerte pour un CAPEC

Stay informed of any changes for a specific CAPEC.
Alert management

Description

An adversary actively probes the target in a manner that is designed to solicit information that could be leveraged for malicious purposes.

Informations

Prerequisites

An adversary requires some way of interacting with the system.

Resources Required

A tool, such as an Adversary in the Middle (CAPEC-94) Proxy or a fuzzer, that is capable of generating and injecting custom inputs to be used in the attack.

Mitigations

Minimize error/response output to only what is necessary for functional use or corrective language.
Remove potentially sensitive information that is not necessary for the application's functionality.

Related Weaknesses

CWE-ID Weakness Name
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-1243 Sensitive Non-Volatile Information Not Protected During Debug
Access to security-sensitive information stored in fuses is not limited during debug.

Submission

Name Organization Date Date Release
CAPEC Content Team The MITRE Corporation 2014-06-23 +00:00

Modifications

Name Organization Date Comment
CAPEC Content Team The MITRE Corporation 2015-11-09 +00:00 Updated Activation_Zone, Attack_Prerequisites, Description Summary, Injection_Vector, Payload, Payload_Activation_Impact
CAPEC Content Team The MITRE Corporation 2017-05-01 +00:00 Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Other_Notes, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit
CAPEC Content Team The MITRE Corporation 2020-07-30 +00:00 Updated Related_Weaknesses
CAPEC Content Team The MITRE Corporation 2020-12-17 +00:00 Updated Related_Attack_Patterns
CAPEC Content Team The MITRE Corporation 2021-06-24 +00:00 Updated Resources_Required
CAPEC Content Team The MITRE Corporation 2022-09-29 +00:00 Updated Description, Extended_Description
Click on the button to the left (OFF), to authorize the inscription of cookie improving the functionalities of the site. Click on the button to the left (Accept all), to unauthorize the inscription of cookie improving the functionalities of the site.