Home > CAPEC List > CAPEC-204: Lifting Sensitive Data Embedded in Cache (Version 2.9)  

CAPEC-204: Lifting Sensitive Data Embedded in Cache

 
Lifting Sensitive Data Embedded in Cache
Definition in a New Window Definition in a New Window
Attack Pattern ID: 204
Abstraction: Detailed
Status: Draft
Completeness: Stub
Presentation Filter:
+ Summary

An attacker examines a target application's cache for sensitive information. Many applications that communicate with remote entities or which perform intensive calculations utilize caches to improve efficiency. However, if the application computes or receives sensitive information and the cache is not appropriately protected, an attacker can browse the cache and retrieve this information. This can result in the disclosure of sensitive information.

+ Attack Prerequisites
  • The target application must store sensitive information in a cache.

  • The cache must be inadequately protected against attacker access.

+ Typical Severity

Medium

+ Resources Required

The attacker must be able to reach the target application's cache. This may require prior access to the machine on which the target application runs. If the cache is encrypted, the attacker would need sufficient computational resources to crack the encryption. With strong encryption schemes, doing this could be intractable, but weaker encryption schemes could allow an attacker with sufficient resources to read the file.

+ Content History
Submissions
SubmitterOrganizationDateSource
CAPEC Content TeamThe MITRE Corporation2014-06-23Internal_CAPEC_Team
Modifications
ModifierOrganizationDateCommentsSource
CAPEC Content TeamThe MITRE Corporation2015-11-09Updated Related_Attack_Patterns, Related_WeaknessesInternal
Previous Entry Names
DatePrevious Entry Name
2015-11-09Lifting cached, sensitive data embedded in client distributions (thick or thin)

More information is available — Please select a different filter.
Page Last Updated or Reviewed: December 07, 2015