CAPEC-575 Detail

CAPEC-575

Name

Account Footprinting

Likihood attacks

Low

Typical Severity

Low

Status

Stable

Published

2015-11-09
00h00 +00:00

Modified

2020-07-30
00h00 +00:00

Official links

CAPEC Mitre.org

Alerte pour un CAPEC

Stay informed of any changes for a specific CAPEC.

Notifications manage

List of Notifications

Alerte pour un CAPEC

Stay informed of any changes for a specific CAPEC.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

Specify the CAPEC ID you wish to monitor.

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

Descriptions CAPEC

An adversary exploits functionality meant to identify information about the domain accounts and their permissions on the target system to an authorized user. By knowing what accounts are registered on the target system, the adversary can inform further and more targeted malicious behavior. Example Windows commands which can acquire this information are: "net user" and "dsquery".

Informations CAPEC

Prerequisites

The adversary must have gained access to the target system via physical or logical means in order to carry out this attack.

Mitigations

Identify programs that may be used to acquire account information and block them by using a software restriction policy or tools that restrict program execution by uysing a process allowlist.

Related Weaknesses

CWE-ID	Weakness Name
CWE-200	Exposure of Sensitive Information to an Unauthorized Actor The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Submission

Name	Organization	Date	Date release
CAPEC Content Team	The MITRE Corporation	2015-11-09 +00:00

Modifications

Name	Organization	Date	Comment
CAPEC Content Team	The MITRE Corporation	2018-07-31 +00:00	Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, References, Related_Weaknesses, Typical_Likelihood_of_Exploit, Typical_Severity
CAPEC Content Team	The MITRE Corporation	2019-04-04 +00:00	Updated Related_Attack_Patterns
CAPEC Content Team	The MITRE Corporation	2019-09-30 +00:00	Updated @Abstraction
CAPEC Content Team	The MITRE Corporation	2020-07-30 +00:00	Updated Mitigations