Home > CAPEC List > CAPEC-150: Collect Data from Common Resource Locations (Version 2.11)  

CAPEC-150: Collect Data from Common Resource Locations

 
Collect Data from Common Resource Locations
Definition in a New Window Definition in a New Window
Attack Pattern ID: 150
Abstraction: Standard
Status: Draft
Completeness: Stub
Presentation Filter:
+ Summary

An adversary exploits well-known locations for resources for the purposes of undermining the security of the target. In many, if not most systems, files and resources are organized in a default tree structure. This can be useful for adversaries because they often know where to look for resources or files that are necessary for attacks. Even when the precise location of a targeted resource may not be known, naming conventions may indicate a small area of the target machine's file tree where the resources are typically located. For example, configuration files are normally stored in the /etc director on Unix systems. Adversaries can take advantage of this to commit other types of attacks.

+ Attack Prerequisites
  • The targeted applications must either expect files to be located at a specific location or, if the location of the files can be configured by the user, the user either failed to move the files from the default location or placed them in a conventional location for files of the given type.

+ Typical Severity

Medium

+ Resources Required

None: No specialized resources are required to execute this type of attack. In some cases, the attacker need not even have direct access to the locations on the target computer where the targeted resources reside.

+ Content History
Submissions
SubmitterOrganizationDateSource
CAPEC Content TeamThe MITRE Corporation2014-06-23Internal_CAPEC_Team
Modifications
ModifierOrganizationDateCommentsSource
CAPEC Content TeamThe MITRE Corporation2015-11-09Updated Description SummaryInternal
CAPEC Content TeamThe MITRE Corporation2015-12-07Updated Description SummaryInternal
CAPEC Content TeamThe MITRE Corporation2017-08-04Updated Resources_RequiredInternal
Previous Entry Names
DatePrevious Entry Name
2015-12-07Common Resource Location Exploration

More information is available — Please select a different filter.
Page Last Updated or Reviewed: July 31, 2017