CAPEC-149

Explore for Predictable Temporary File Names
Moyen
Draft
2014-06-23
00h00 +00:00
2023-01-24
00h00 +00:00
CAPEC Mitre.org
Alerte pour un CAPEC
Restez informé de toutes modifications pour un CAPEC spécifique.
Gestion des notifications

Descriptions du CAPEC

An attacker explores a target to identify the names and locations of predictable temporary files for the purpose of launching further attacks against the target. This involves analyzing naming conventions and storage locations of the temporary files created by a target application. If an attacker can predict the names of temporary files they can use this information to mount other attacks, such as information gathering and symlink attacks.

Informations du CAPEC

Conditions préalables

The targeted application must create names for temporary files using a predictable procedure, e.g. using sequentially increasing numbers.
The attacker must be able to see the names of the files the target is creating.

Ressources nécessaires

None: No specialized resources are required to execute this type of attack.

Faiblesses connexes

CWE-ID Nom de la faiblesse

CWE-377

 Insecure Temporary File
Creating and using insecure temporary files can leave application and system data vulnerable to attack.

Soumission

Nom Organisation Date Date de publication
CAPEC Content Team The MITRE Corporation 2014-06-23 +00:00

Modifications

Nom Organisation Date Commentaire
CAPEC Content Team The MITRE Corporation 2017-01-09 +00:00 Updated Related_Attack_Patterns
CAPEC Content Team The MITRE Corporation 2017-08-04 +00:00 Updated Attack_Prerequisites, Resources_Required
CAPEC Content Team The MITRE Corporation 2019-04-04 +00:00 Updated Related_Attack_Patterns
CAPEC Content Team The MITRE Corporation 2019-09-30 +00:00 Updated Related_Attack_Patterns
CAPEC Content Team The MITRE Corporation 2020-12-17 +00:00 Updated Related_Attack_Patterns
CAPEC Content Team The MITRE Corporation 2023-01-24 +00:00 Updated Related_Weaknesses