CAPEC-166 Detail

CAPEC-166

Name

Force the System to Reset Values

Typical Severity

Medium

Status

Draft

Published

2014-06-23
00h00 +00:00

Modified

2022-02-22
00h00 +00:00

Official links

CAPEC Mitre.org

Alerte pour un CAPEC

Stay informed of any changes for a specific CAPEC.

Notifications manage

List of Notifications

Alerte pour un CAPEC

Stay informed of any changes for a specific CAPEC.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

Specify the CAPEC ID you wish to monitor.

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

Descriptions CAPEC

An attacker forces the target into a previous state in order to leverage potential weaknesses in the target dependent upon a prior configuration or state-dependent factors. Even in cases where an attacker may not be able to directly control the configuration of the targeted application, they may be able to reset the configuration to a prior state since many applications implement reset functions.

Informations CAPEC

Prerequisites

The targeted application must have a reset function that returns the configuration of the application to an earlier state.
The reset functionality must be inadequately protected against use.

Resources Required

None: No specialized resources are required to execute this type of attack. In some cases, the attacker may need special client applications in order to execute the reset functionality.

Related Weaknesses

CWE-ID	Weakness Name
CWE-306	Missing Authentication for Critical Function The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
CWE-1221	Incorrect Register Defaults or Module Parameters Hardware description language code incorrectly defines register defaults or hardware Intellectual Property (IP) parameters to insecure values.
CWE-1232	Improper Lock Behavior After Power State Transition Register lock bit protection disables changes to system configuration once the bit is set. Some of the protected registers or lock bits become programmable after power state transitions (e.g., Entry and wake from low power sleep modes) causing the system configuration to be changeable.

Submission

Name	Organization	Date	Date release
CAPEC Content Team	The MITRE Corporation	2014-06-23 +00:00

Modifications

Name	Organization	Date	Comment
CAPEC Content Team	The MITRE Corporation	2017-01-09 +00:00	Updated Related_Attack_Patterns
CAPEC Content Team	The MITRE Corporation	2017-08-04 +00:00	Updated Resources_Required
CAPEC Content Team	The MITRE Corporation	2019-04-04 +00:00	Updated Related_Weaknesses
CAPEC Content Team	The MITRE Corporation	2019-09-30 +00:00	Updated Related_Attack_Patterns
CAPEC Content Team	The MITRE Corporation	2020-07-30 +00:00	Updated Related_Weaknesses
CAPEC Content Team	The MITRE Corporation	2020-12-17 +00:00	Updated @Abstraction
CAPEC Content Team	The MITRE Corporation	2021-06-24 +00:00	Updated Related_Weaknesses
CAPEC Content Team	The MITRE Corporation	2022-02-22 +00:00	Updated Description, Extended_Description