CAPEC-654

Credential Prompt Impersonation
Medio
Alto
Stable
2020-07-30
00h00 +00:00
2022-09-29
00h00 +00:00
CAPEC Mitre.org
Alerta para un CAPEC
Manténgase informado sobre cualquier cambio en un CAPEC específico.
Gestionar notificaciones

Descripciones CAPEC

An adversary, through a previously installed malicious application, impersonates a credential prompt in an attempt to steal a user's credentials.

Informaciones CAPEC

Flujo de ejecución

1) Explore

[Determine suitable tasks to exploit] Determine what tasks exist on the target system that may result in a user providing their credentials.

Técnica
  • Determine what tasks prompt a user for their credentials.
2) Exploit

[Impersonate Task] Impersonate a legitimate task, either expected or unexpected, in an attempt to gain user credentials.

Técnica
  • Prompt a user for their credentials, while making the user believe the credential request is legitimate.

Prerrequisitos

The adversary must already have access to the target system via some means.
A legitimate task must exist that an adversary can impersonate to glean credentials.

Habilidades requeridas

Once an adversary has gained access to the target system, impersonating a credential prompt is not difficult.

Recursos requeridos

Malware or some other means to initially comprise the target system.
Additional malware to impersonate a legitimate credential prompt.

Mitigaciones

The only known mitigation to this attack is to avoid installing the malicious application on the device. However, to impersonate a running task the malicious application does need the GET_TASKS permission to be able to query the task list, and being suspicious of applications with that permission can help.

Debilidades relacionadas

CWE-ID Nombre de la debilidad

CWE-1021

 Improper Restriction of Rendered UI Layers or Frames
The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain.

Envío

Nombre Organización Fecha Fecha de lanzamiento
CAPEC Content Team The MITRE Corporation 2020-07-30 +00:00

Modificaciones

Nombre Organización Fecha Comentario
CAPEC Content Team The MITRE Corporation 2022-02-22 +00:00 Updated Description, Extended_Description
CAPEC Content Team The MITRE Corporation 2022-09-29 +00:00 Updated Taxonomy_Mappings
La información presentada en CVE Find proviene de varias fuentes de referencia cuidadosamente seleccionadas. Los datos CVE son proporcionados por MITRE Corporation y la Base de Datos Nacional de Vulnerabilidades (NVD). El catálogo de Vulnerabilidades Explotadas Conocidas (KEV) proviene de la Agencia de Seguridad de Infraestructura y Ciberseguridad (CISA), mientras que las puntuaciones EPSS provienen de FIRST.org. Además, los datos sobre debilidades de software (CWE) y patrones de ataque comunes (CAPEC) son mantenidos por MITRE Corporation, y la información sobre configuraciones de hardware y software (CPE) es proporcionada por la NVD.