CAPEC-191
Read Sensitive Constants Within an Executable
Bas
Draft
2014-06-23
00h00 +00:00
00h00 +00:00
2022-02-22
00h00 +00:00
00h00 +00:00
Alerte pour un CAPEC
Restez informé de toutes modifications pour un CAPEC spécifique.
Descriptions du CAPEC
An adversary engages in activities to discover any sensitive constants present within the compiled code of an executable. These constants may include literal ASCII strings within the file itself, or possibly strings hard-coded into particular routines that can be revealed by code refactoring methods including static and dynamic analysis.
Informations du CAPEC
Conditions préalables
Access to a binary or executable such that it can be analyzed by various utilities.Ressources nécessaires
Binary analysis programs such as 'strings' or 'grep', or hex editors.Faiblesses connexes
| Nom de la faiblesse | |
|---|---|
CWE-798 |
Use of Hard-coded Credentials The product contains hard-coded credentials, such as a password or cryptographic key. |
Références
REF-51
Wikipediahttp://en.wikipedia.org/wiki/Decompiler
REF-52
Wikipediahttp://en.wikipedia.org/wiki/Debugger
REF-53
Wikipediahttp://en.wikipedia.org/wiki/Disassembler
Soumission
| Nom | Organisation | Date | Date de publication |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation |
Modifications
| Nom | Organisation | Date | Commentaire |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation | Updated Description Summary, Other_Notes, References, Related_Attack_Patterns, Resources_Required | |
| CAPEC Content Team | The MITRE Corporation | Updated Attack_Prerequisites, Description Summary, Resources_Required | |
| CAPEC Content Team | The MITRE Corporation | Updated Related_Weaknesses | |
| CAPEC Content Team | The MITRE Corporation | Updated @Name, Description, Related_Attack_Patterns, Taxonomy_Mappings | |
| CAPEC Content Team | The MITRE Corporation | Updated Description, Extended_Description |
