CAPEC-268
Alerte pour un CAPEC
Stay informed of any changes for a specific CAPEC.
Descriptions CAPEC
The attacker injects, manipulates, deletes, or forges malicious log entries into the log file, in an attempt to mislead an audit of the log file or cover tracks of an attack. Due to either insufficient access controls of the log files or the logging mechanism, the attacker is able to perform such actions.
Informations CAPEC
Prerequisites
The target host is logging the action and data of the user.The target host insufficiently protects access to the logs or logging mechanisms.
Resources Required
The attacker must understand how the logging mechanism works.
Optionally, the attacker must know the location and the format of individual entries of the log files.
Related Weaknesses
| Weakness Name | |
|---|---|
CWE-117 |
Improper Output Neutralization for Logs The product constructs a log message from external input, but it does not neutralize or incorrectly neutralizes special elements when the message is written to a log file. |
Submission
| Name | Organization | Date | Date release |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation |
Modifications
| Name | Organization | Date | Comment |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation | Updated Related_Attack_Patterns | |
| CAPEC Content Team | The MITRE Corporation | Updated Related_Weaknesses | |
| CAPEC Content Team | The MITRE Corporation | Updated Related_Attack_Patterns | |
| CAPEC Content Team | The MITRE Corporation | Updated Taxonomy_Mappings | |
| CAPEC Content Team | The MITRE Corporation | Updated Related_Attack_Patterns, Taxonomy_Mappings |
