Conditions préalables
Access to the system containing the ATA Drive so that the drive can be physically removed from the system.
Atténuations
Avoid using ATA password security when possible.
Use full disk encryption to protect the entire contents of the drive or sensitive partitions on the drive.
Leverage third-party utilities that interface with self-encrypting drives (SEDs) to provide authentication, while relying on the SED itself for data encryption.
Faiblesses connexes
CWE-ID |
Nom de la faiblesse |
|
Improper Authorization The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |
Références
REF-33
Hacking Exposed: Network Security Secrets & Solutions
Stuart McClure, Joel Scambray, George Kurtz.
REF-701
Using the ATA security features of modern hard disks and SSDs
Oliver Tennert.
https://www.admin-magazine.com/Archive/2014/19/Using-the-ATA-security-features-of-modern-hard-disks-and-SSDs REF-702
Breaking ATA Password Security
https://security.utexas.edu/education-outreach/BreakingATA
Soumission
Nom |
Organisation |
Date |
Date de publication |
CAPEC Content Team |
The MITRE Corporation |
2014-06-23 +00:00 |
|
Modifications
Nom |
Organisation |
Date |
Commentaire |
CAPEC Content Team |
The MITRE Corporation |
2019-04-04 +00:00 |
Updated Related_Weaknesses |
CAPEC Content Team |
The MITRE Corporation |
2022-02-22 +00:00 |
Updated Description, Example_Instances, Mitigations, References |