Home > CAPEC List > CAPEC-268: Audit Log Manipulation (Version 2.10)  

CAPEC-268: Audit Log Manipulation

 
Audit Log Manipulation
Definition in a New Window Definition in a New Window
Attack Pattern ID: 268
Abstraction: Standard
Status: Draft
Completeness: Stub
Presentation Filter:
+ Summary

The attacker injects, manipulates, deletes, or forges malicious log entries into the log file, in an attempt to mislead an audit of the log file or cover tracks of an attack. Due to either insufficient access controls of the log files or the logging mechanism, the attacker is able to perform such actions.

+ Attack Prerequisites
  • The target host is logging the action and data of the user.

  • The target host insufficiently protects access to the logs or logging mechanisms.

+ Resources Required

The attacker must understand how the logging mechanism works.

Optionally, the attacker must know the location and the format of individual entries of the log files.

+ Content History
Submissions
SubmitterOrganizationDateSource
CAPEC Content TeamThe MITRE Corporation2014-06-23Internal_CAPEC_Team
Modifications
ModifierOrganizationDateCommentsSource
CAPEC Content TeamThe MITRE Corporation2017-01-09Updated Related_Attack_PatternsInternal
More information is available — Please select a different filter.
Page Last Updated or Reviewed: May 01, 2017