Home > CAPEC List > CAPEC-149: Explore for Predictable Temporary File Names (Version 2.10)  

CAPEC-149: Explore for Predictable Temporary File Names

 
Explore for Predictable Temporary File Names
Definition in a New Window Definition in a New Window
Attack Pattern ID: 149
Abstraction: Detailed
Status: Draft
Completeness: Stub
Presentation Filter:
+ Summary

An attacker explores a target to identify the names and locations of predictable temporary files for the purpose of launching further attacks against the target. This involves analyzing naming conventions and storage locations of the temporary files created by a target application. If an attacker can predict the names of temporary files they can use this information to mount other attacks, such as information gathering and symlink attacks.

+ Attack Prerequisites

  • The targeted application must create names for temporary files using a predictable procedure, e.g. using sequentially increasing numbers.

+ Typical Severity

Medium

+ Resources Required

The attacker must be able to see the names of the files the target is creating.

+ Content History
Submissions
SubmitterOrganizationDateSource
CAPEC Content TeamThe MITRE Corporation2014-06-23Internal_CAPEC_Team
Modifications
ModifierOrganizationDateCommentsSource
CAPEC Content TeamThe MITRE Corporation2017-01-09Updated Related_Attack_PatternsInternal
More information is available — Please select a different filter.
Page Last Updated or Reviewed: May 01, 2017
 

Use of the Common Attack Pattern Enumeration and Classification dictionary and classification taxonomy, and the associated references from this website, are subject to the Terms of Use. For more information, please email capec@mitre.org.

CAPEC is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright © 2007 - 2017, The MITRE Corporation. CAPEC and the CAPEC logo are trademarks of The MITRE Corporation.

Privacy policy
Terms of use
Contact us