Home > CAPEC List > CAPEC-224: Fingerprinting (Version 2.10)  

CAPEC-224: Fingerprinting

 
Fingerprinting
Definition in a New Window Definition in a New Window
Attack Pattern ID: 224
Abstraction: Meta
Status: Stable
Completeness: Complete
Presentation Filter:
+ Summary

An adversary compares output from a target system to known indicators that uniquely identify specific details about the target. Fingerprinting by itself is not usually detrimental to the target. However, the information gathered through fingerprinting often enables an adversary to discover existing weaknesses in the target.

+ Attack Prerequisites
  • A means by which to interact with the target system directly.

+ Typical Severity

Very Low

+ Typical Likelihood of Exploit

Likelihood: High

+ Attacker Skills or Knowledge Required

Skill or Knowledge Level: Low

+ Resources Required

If on a network, the adversary needs a tool capable of viewing network communications at the packet level and with header information, like Mitmproxy, Wireshark, or Fiddler.

+ Solutions and Mitigations

While some information is shared by systems automatically based on standards and protocols, remove potentially sensitive information that is not necessary for the application's functionality as much as possible.

+ Attack Motivation-Consequences
ScopeTechnical ImpactNote
Confidentiality
Read application data
+ Content History
Submissions
SubmitterOrganizationDateSource
CAPEC Content TeamThe MITRE Corporation2014-06-23Internal_CAPEC_Team
Modifications
ModifierOrganizationDateCommentsSource
CAPEC Content TeamThe MITRE Corporation2017-01-09Updated Related_Attack_PatternsInternal
CAPEC Content TeamThe MITRE Corporation2017-05-01Updated Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations, Typical_Likelihood_of_ExploitInternal
More information is available — Please select a different filter.
Page Last Updated or Reviewed: May 01, 2017