CAPEC-639 Detail

CAPEC-639

Name

Probe System Files

Typical Severity

Medium

Status

Stable

Published

2018-05-04
00h00 +00:00

Modified

2022-09-29
00h00 +00:00

Official links

CAPEC Mitre.org

Alerte pour un CAPEC

Stay informed of any changes for a specific CAPEC.

Notifications manage

List of Notifications

Alerte pour un CAPEC

Stay informed of any changes for a specific CAPEC.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

Specify the CAPEC ID you wish to monitor.

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

Descriptions CAPEC

An adversary obtains unauthorized information due to improperly protected files. If an application stores sensitive information in a file that is not protected by proper access control, then an adversary can access the file and search for sensitive information.

Informations CAPEC

Prerequisites

An adversary has access to the file system of a system.

Mitigations

Verify that files have proper access controls set, and reduce the storage of sensitive information to only what is necessary.

Related Weaknesses

CWE-ID	Weakness Name
CWE-552	Files or Directories Accessible to External Parties The product makes files or directories accessible to unauthorized actors, even though they should not be.

Submission

Name	Organization	Date	Date release
CAPEC Content Team	The MITRE Corporation	2018-05-04 +00:00

Modifications

Name	Organization	Date	Comment
CAPEC Content Team	The MITRE Corporation	2020-07-30 +00:00	Updated Related_Attack_Patterns, Taxonomy_Mappings
CAPEC Content Team	The MITRE Corporation	2022-09-29 +00:00	Updated Taxonomy_Mappings