CAPEC-295
Alerta para um CAPEC
Fique informado sobre quaisquer alterações para um CAPEC específico.
Descrições CAPEC
This pattern of attack leverages standard requests to learn the exact time associated with a target system. An adversary may be able to use the timestamp returned from the target to attack time-based security algorithms, such as random number generators, or time-based authentication mechanisms.
Informações CAPEC
Pré-requisitos
The ability to send a timestamp request to a remote target and receive a response.Recursos Necessários
Scanners or utilities that provide the ability to send custom ICMP queries.Fraquezas Relacionadas
| Nome da Fraqueza | |
|---|---|
CWE-200 |
Exposure of Sensitive Information to an Unauthorized Actor The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Referências
REF-33
Hacking Exposed: Network Security Secrets & SolutionsStuart McClure, Joel Scambray, George Kurtz.
REF-123
RFC792 - Internet Control Messaging ProtocolJ. Postel.
http://www.faqs.org/rfcs/rfc792.html
REF-124
RFC1122 - Requirements for Internet Hosts - Communication LayersR. Braden, Ed..
http://www.faqs.org/rfcs/rfc1122.html
REF-125
Host Discovery with NmapMark Wolfgang.
http://nmap.org/docs/discovery.pdf
REF-147
Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security ScanningGordon "Fyodor" Lyon.
Submissão
| Nome | Organização | Data | Data de lançamento |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation |
Modificações
| Nome | Organização | Data | Comentário |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation | Updated Description Summary, Resources_Required | |
| CAPEC Content Team | The MITRE Corporation | Updated Attack_Prerequisites, Description Summary, Examples-Instances, References, Related_Weaknesses | |
| CAPEC Content Team | The MITRE Corporation | Updated Related_Attack_Patterns |
