English
Français
Light
Dark
System

Alert System

Stay informed at all times
Create an account Open a free account Login Manage your alerts

CAPEC-141

Cache Poisoning
HIGH
HIGH
Draft
2014-06-23 00:00 +00:00
2022-09-29 00:00 +00:00
CAPEC Mitre.org

Alerte pour un CAPEC

Stay informed of any changes for a specific CAPEC.
Alert management

Description

An attacker exploits the functionality of cache technologies to cause specific data to be cached that aids the attackers' objectives. This describes any attack whereby an attacker places incorrect or harmful material in cache. The targeted cache can be an application's cache (e.g. a web browser cache) or a public cache (e.g. a DNS or ARP cache). Until the cache is refreshed, most applications or clients will treat the corrupted cache value as valid. This can lead to a wide range of exploits including redirecting web browsers towards sites that install malware and repeatedly incorrect calculations based on the incorrect value.

Informations

Execution Flow

1) Explore

[Identify and explore caches] Use tools to sniff traffic and scan a network in order to locate application's cache (e.g. a web browser cache) or a public cache (e.g. a DNS or ARP cache) that may have vulnerabilities. Look for poisoning point in cache table entries.

Technique
  • Run tools that check available entries in the cache.

2) Experiment

[Cause specific data to be cached] An attacker sends bogus request to the target, and then floods responses that trick a cache to remember malicious responses, which are wrong answers of queries.

Technique
  • Intercept or modify a query, or send a bogus query with known credentials (such as transaction ID).

3) Exploit

[Redirect users to malicious website] As the attacker succeeds in exploiting the vulnerability, they are able to manipulate and interpose malicious response data to targeted victim queries.

Technique
  • Intercept or modify a query, or send a bogus query with known credentials (such as transaction ID).
  • Adversary-in-the-Middle attacks (CAPEC-94) intercept secure communication between two parties.

Prerequisites

The attacker must be able to modify the value stored in a cache to match a desired value.
The targeted application must not be able to detect the illicit modification of the cache and must trust the cache value in its calculations.

Skills Required

To overwrite/modify targeted cache

Mitigations

Configuration: Disable client side caching.
Implementation: Listens for query replies on a network, and sends a notification via email when an entry changes.

Related Weaknesses

CWE-ID Weakness Name
CWE-348 Use of Less Trusted Source
The product has two different sources of the same data or information, but it uses the source that has less support for verification, is less trusted, or is less resistant to attack.
CWE-345 Insufficient Verification of Data Authenticity
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
CWE-349 Acceptance of Extraneous Untrusted Data With Trusted Data
The product, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if it were trusted.
CWE-346 Origin Validation Error
The product does not properly verify that the source of data or communication is valid.

References

REF-22

Wikipedia
http://en.wikipedia.org/wiki/DNS_cache_poisoning

REF-23

DNS Threats and DNS Weaknesses
http://www.dnssec.net/dns-threats.php

REF-24

Wikipedia
http://en.wikipedia.org/wiki/ARP_spoofing

REF-599

OWASP Web Security Testing Guide
https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses.html

Submission

Name Organization Date Date Release
CAPEC Content Team The MITRE Corporation 2014-06-23 +00:00

Modifications

Name Organization Date Comment
CAPEC Content Team The MITRE Corporation 2015-12-07 +00:00 Updated Related_Attack_Patterns
CAPEC Content Team The MITRE Corporation 2017-01-09 +00:00 Updated Related_Attack_Patterns
CAPEC Content Team The MITRE Corporation 2019-09-30 +00:00 Updated Related_Attack_Patterns
CAPEC Content Team The MITRE Corporation 2020-07-30 +00:00 Updated Execution_Flow, Related_Attack_Patterns
CAPEC Content Team The MITRE Corporation 2020-12-17 +00:00 Updated References, Taxonomy_Mappings
CAPEC Content Team The MITRE Corporation 2021-06-24 +00:00 Updated Execution_Flow
CAPEC Content Team The MITRE Corporation 2022-09-29 +00:00 Updated Example_Instances, Related_Weaknesses, Taxonomy_Mappings

More information
Click on the button to the left (OFF), to authorize the inscription of cookie improving the functionalities of the site. Click on the button to the left (Accept all), to unauthorize the inscription of cookie improving the functionalities of the site.