CAPEC-149
Explore for Predictable Temporary File Names
Medium
Draft
2014-06-23
00h00 +00:00
00h00 +00:00
2023-01-24
00h00 +00:00
00h00 +00:00
Alerte pour un CAPEC
Stay informed of any changes for a specific CAPEC.
Descriptions CAPEC
An attacker explores a target to identify the names and locations of predictable temporary files for the purpose of launching further attacks against the target. This involves analyzing naming conventions and storage locations of the temporary files created by a target application. If an attacker can predict the names of temporary files they can use this information to mount other attacks, such as information gathering and symlink attacks.
Informations CAPEC
Prerequisites
The targeted application must create names for temporary files using a predictable procedure, e.g. using sequentially increasing numbers.The attacker must be able to see the names of the files the target is creating.
Resources Required
None: No specialized resources are required to execute this type of attack.Related Weaknesses
| Weakness Name | |
|---|---|
CWE-377 |
Insecure Temporary File Creating and using insecure temporary files can leave application and system data vulnerable to attack. |
Submission
| Name | Organization | Date | Date release |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation |
Modifications
| Name | Organization | Date | Comment |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation | Updated Related_Attack_Patterns | |
| CAPEC Content Team | The MITRE Corporation | Updated Attack_Prerequisites, Resources_Required | |
| CAPEC Content Team | The MITRE Corporation | Updated Related_Attack_Patterns | |
| CAPEC Content Team | The MITRE Corporation | Updated Related_Attack_Patterns | |
| CAPEC Content Team | The MITRE Corporation | Updated Related_Attack_Patterns | |
| CAPEC Content Team | The MITRE Corporation | Updated Related_Weaknesses |
2025©
tesweb SA
