CAPEC-497

File Discovery
High
Very Low
Draft
2019-09-30
00h00 +00:00
2020-12-17
00h00 +00:00
CAPEC Mitre.org
Alerte pour un CAPEC
Stay informed of any changes for a specific CAPEC.
Notifications manage

Descriptions CAPEC

An adversary engages in probing and exploration activities to determine if common key files exists. Such files often contain configuration and security parameters of the targeted application, system or network. Using this knowledge may often pave the way for more damaging attacks.

Informations CAPEC

Prerequisites

The adversary must know the location of these common key files.

Mitigations

Leverage file protection mechanisms to render these files accessible only to authorized parties.

Related Weaknesses

CWE-ID Weakness Name

CWE-200

 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Submission

Name Organization Date Date release
CAPEC Content Team The MITRE Corporation 2019-09-30 +00:00

Modifications

Name Organization Date Comment
CAPEC Content Team The MITRE Corporation 2020-07-30 +00:00 Updated Taxonomy_Mappings
CAPEC Content Team The MITRE Corporation 2020-12-17 +00:00 Updated Resources_Required
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.