Home > CAPEC List > CAPEC-203: Manipulate Application Registry Values (Version 2.11)  

CAPEC-203: Manipulate Application Registry Values

Manipulate Application Registry Values
Definition in a New Window Definition in a New Window
Attack Pattern ID: 203
Abstraction: Standard
Status: Draft
Completeness: Stub
Presentation Filter:
+ Summary

An attacker manipulates the registry values used by an application to perform a variety of possible attacks. Many applications utilize registries to store configuration and service information. As such, attacks that manipulate these registries can affect individual services (affecting billing, authorization, or even allowing for identity spoofing) or the overall configuration of the targeted application. It is important to note that "registry" does not only refer to the Microsoft Windows Registry, but to any registry used by an application. For example, both Java RMI and SOAP use registries to track available services. Changing registry values is sometimes undertaken as part of another attack; for example, a path traversal (inserting relative path modifiers) or buffer overflow (enlarging a registry value beyond an application's ability to store it), but given the long term usage of many registry values, the registry manipulation could be its own end.

+ Attack Prerequisites
  • The targeted application must rely on values stored in a registry.

+ Typical Severity


+ Resources Required

None: No specialized resources are required to execute this type of attack.

+ References
[R.203.1] ATT&CK Project. "Service Registry Permissions Weakness (1058)". MITRE. <https://attack.mitre.org/wiki/Service_registry_permissions_weakness>.
+ Content History
CAPEC Content TeamThe MITRE Corporation2014-06-23Internal_CAPEC_Team
CAPEC Content TeamThe MITRE Corporation2015-11-09Updated ReferencesInternal
CAPEC Content TeamThe MITRE Corporation2017-08-04Updated Resources_RequiredInternal

More information is available — Please select a different filter.
Page Last Updated or Reviewed: August 04, 2017