An attacker examines a target application's code or configuration files to
find credential or key material that has been embedded within the
application or its files. Many services require their users to
authenticate for purposes including billing, access control or
attribution. Some client applications store the user's authentication
credentials or keys to accelerate the login process. Some clients may have
built-in keys or credentials (in which case the server is authenticating
the client, rather than the user). If the attacker is able to locate
where this information is stored, they may be able to retrieve these
credentials. The attacker could then use these stolen credentials to
impersonate the user or client, respectively, in interactions with the
service or use stolen keys to eavesdrop on nominally secure communications
between the client and server.
Attack Prerequisites
The target application must save keys or credential information. Many
applications allow users to store authentication information as an
option.
Resources Required
The attacker must be able to reach the target application's code or
configuration files. This may require prior access to the machine on which the
target application runs. Authentication information is often encoded, but
decoding it does not require significant attacker resources.
The Java client program for the ATEN KH1516i IP KVM switch with
firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 has
a hardcoded AES encryption key, which makes it easier for
man-in-the-middle attackers to (1) execute arbitrary Java code, or (2)
gain access to machines connected to the switch, by hijacking a
session.
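A pre-release check a defender can run over their own client's configuration files, as an added example that is not part of the original entry: it flags credential-like assignments and shows that Base64 or hex encoding gives no protection, including values whose decoded length matches an AES key size. The property names, the sample file and the `${...}` runtime-placeholder convention are assumptions constructed for the example.

```python
import base64
import binascii
import re

# Heuristic: a property whose name ends in a secret-like word, followed by its value.
ASSIGNMENT = re.compile(
    r"([\w.]*(?:passw(?:or)?d|secret|token|key))\s*[:=]\s*[\"']?([^\"'\s;,]+)",
    re.IGNORECASE,
)
AES_KEY_LENGTHS = {16, 24, 32}  # bytes: AES-128, AES-192, AES-256

# Constructed sample input; not taken from any real product.
SAMPLE = """\
# client.properties (constructed sample)
server.host=kvm.example.internal
login.user=operator
login.password=aHVudGVyMg==
session.aes_key=000102030405060708090a0b0c0d0e0f
api.token=${API_TOKEN}
"""

def decode_candidates(value):
    """Yield (encoding, raw_bytes) for each encoding the value cleanly decodes from."""
    if re.fullmatch(r"(?:[0-9a-fA-F]{2})+", value):
        yield "hex", bytes.fromhex(value)
    if re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", value) and len(value) % 4 == 0:
        try:
            yield "base64", base64.b64decode(value, validate=True)
        except binascii.Error:
            pass

def audit(text, source):
    """Return (source, line, property, kind) per embedded secret; never the value itself."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        match = ASSIGNMENT.search(line)
        if not match or match.group(2).startswith("$"):
            continue  # no secret-like name, or a placeholder resolved at runtime
        name, value, kind = match.group(1), match.group(2), "plaintext"
        for encoding, raw in decode_candidates(value):
            if len(raw) in AES_KEY_LENGTHS:
                kind = f"{encoding} AES-sized key ({len(raw) * 8}-bit)"
                break
            if all(32 <= b < 127 for b in raw):
                kind = f"{encoding}-encoded text"
        findings.append((source, lineno, name, kind))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, "client.properties"):
        print("%s:%d %s -> %s" % finding)
```

Any finding means the value belongs outside the shipped artifact, for example in an operating-system credential store or issued per installation, rather than behind a stronger encoding.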
Vision and Technical Leadership provided by Cigital, Inc.
This Web site is hosted by The MITRE Corporation.
Copyright 2009, The MITRE Corporation. CAPEC and the CAPEC logo are trademarks of The MITRE Corporation.