New to CAPEC? Start Here
Home > CAPEC List > Reports > Differences between 3.2 and 3.3 Content  

Differences between 3.2 and 3.3 Content

Summary

Total (3.3) (not including Deprecated) 582
Total (3.2) (not including Deprecated) 575
Attack Patterns
New Patterns Added 7
Existing Patterns Modified with Enhanced Material 245
Categories
Existing Categories Modified with Enhanced Material 4
CAPEC -> CWE Mappings
CAPEC -> CWE Mappings Added 152
CAPEC -> CWE Mappings Removed 12
CAPEC -> CAPEC Mappings
CAPEC -> CAPEC Mappings Added 85
CAPEC -> CAPEC Mappings Removed 8

Summary of Entry Types

Type 3.2 3.3
Views 9 9
Categories 49 49
Attack Patterns 517 524
Deprecated 76 76

Back to top

Attack Pattern Changes

New Patterns Added
CAPEC-508 Shoulder Surfing
CAPEC-565 Password Spraying
CAPEC-600 Credential Stuffing
CAPEC-652 Use of Known Kerberos Credentials
CAPEC-653 Use of Known Windows Credentials
CAPEC-654 Credential Prompt Impersonation
CAPEC-655 Avoid Security Tool Identification by Adding Data

Existing Patterns Modified with Enhanced Material
CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs
CAPEC-2 Inducing Account Lockout
CAPEC-3 Using Leading 'Ghost' Character Sequences to Bypass Input Filters
CAPEC-6 Argument Injection
CAPEC-7 Blind SQL Injection
CAPEC-9 Buffer Overflow in Local Command-Line Utilities
CAPEC-10 Buffer Overflow via Environment Variables
CAPEC-11 Cause Web Server Misclassification
CAPEC-13 Subverting Environment Variable Values
CAPEC-14 Client-side Injection-induced Buffer Overflow
CAPEC-15 Command Delimiters
CAPEC-16 Dictionary-based Password Attack
CAPEC-17 Using Malicious Files
CAPEC-18 XSS Targeting Non-Script Elements
CAPEC-19 Embedding Scripts within Scripts
CAPEC-21 Exploitation of Trusted Identifiers
CAPEC-23 File Content Injection
CAPEC-25 Forced Deadlock
CAPEC-26 Leveraging Race Conditions
CAPEC-27 Leveraging Race Conditions via Symbolic Links
CAPEC-28 Fuzzing
CAPEC-29 Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
CAPEC-30 Hijacking a Privileged Thread of Execution
CAPEC-31 Accessing/Intercepting/Modifying HTTP Cookies
CAPEC-32 XSS Through HTTP Query Strings
CAPEC-33 HTTP Request Smuggling
CAPEC-34 HTTP Response Splitting
CAPEC-36 Using Unpublished Interfaces
CAPEC-37 Retrieve Embedded Sensitive Data
CAPEC-38 Leveraging/Manipulating Configuration File Search Paths
CAPEC-39 Manipulating Opaque Client-based Data Tokens
CAPEC-40 Manipulating Writeable Terminal Devices
CAPEC-43 Exploiting Multiple Input Interpretation Layers
CAPEC-46 Overflow Variables and Tags
CAPEC-47 Buffer Overflow via Parameter Expansion
CAPEC-48 Passing Local Filenames to Functions That Expect a URL
CAPEC-49 Password Brute Forcing
CAPEC-50 Password Recovery Exploitation
CAPEC-52 Embedding NULL Bytes
CAPEC-53 Postfix, Null Terminate, and Backslash
CAPEC-55 Rainbow Table Password Cracking
CAPEC-58 Restful Privilege Elevation
CAPEC-59 Session Credential Falsification through Prediction
CAPEC-60 Reusing Session IDs (aka Session Replay)
CAPEC-61 Session Fixation
CAPEC-62 Cross Site Request Forgery
CAPEC-63 Cross-Site Scripting (XSS)
CAPEC-64 Using Slashes and URL Encoding Combined to Bypass Validation Logic
CAPEC-65 Sniff Application Code
CAPEC-66 SQL Injection
CAPEC-67 String Format Overflow in syslog()
CAPEC-68 Subvert Code-signing Facilities
CAPEC-69 Target Programs with Elevated Privileges
CAPEC-70 Try Common or Default Usernames and Passwords
CAPEC-71 Using Unicode Encoding to Bypass Validation Logic
CAPEC-72 URL Encoding
CAPEC-74 Manipulating State
CAPEC-75 Manipulating Writeable Configuration Files
CAPEC-76 Manipulating Web Input to File System Calls
CAPEC-77 Manipulating User-Controlled Variables
CAPEC-78 Using Escaped Slashes in Alternate Encoding
CAPEC-79 Using Slashes in Alternate Encoding
CAPEC-80 Using UTF-8 Encoding to Bypass Validation Logic
CAPEC-83 XPath Injection
CAPEC-84 XQuery Injection
CAPEC-85 AJAX Fingerprinting
CAPEC-86 XSS Through HTTP Headers
CAPEC-87 Forceful Browsing
CAPEC-88 OS Command Injection
CAPEC-89 Pharming
CAPEC-90 Reflection Attack in Authentication Protocol
CAPEC-92 Forced Integer Overflow
CAPEC-93 Log Injection-Tampering-Forging
CAPEC-94 Man in the Middle Attack
CAPEC-97 Cryptanalysis
CAPEC-98 Phishing
CAPEC-102 Session Sidejacking
CAPEC-103 Clickjacking
CAPEC-104 Cross Zone Scripting
CAPEC-105 HTTP Request Splitting
CAPEC-107 Cross Site Tracing
CAPEC-109 Object Relational Mapping Injection
CAPEC-110 SQL Injection through SOAP Parameter Tampering
CAPEC-111 JSON Hijacking (aka JavaScript Hijacking)
CAPEC-114 Authentication Abuse
CAPEC-116 Excavation
CAPEC-117 Interception
CAPEC-120 Double Encoding
CAPEC-121 Exploit Non-Production Interfaces
CAPEC-122 Privilege Abuse
CAPEC-124 Shared Resource Manipulation
CAPEC-125 Flooding
CAPEC-126 Path Traversal
CAPEC-130 Excessive Allocation
CAPEC-131 Resource Leak Exposure
CAPEC-132 Symlink Attack
CAPEC-133 Try All Common Switches
CAPEC-139 Relative Path Traversal
CAPEC-140 Bypassing of Intermediate Forms in Multiple-Form Sets
CAPEC-141 Cache Poisoning
CAPEC-143 Detect Unpublicized Web Pages
CAPEC-144 Detect Unpublicized Web Services
CAPEC-146 XML Schema Poisoning
CAPEC-148 Content Spoofing
CAPEC-150 Collect Data from Common Resource Locations
CAPEC-155 Screen Temporary Files for Sensitive Information
CAPEC-157 Sniffing Attacks
CAPEC-159 Redirect Access to Libraries
CAPEC-160 Exploit Script-Based APIs
CAPEC-163 Spear Phishing
CAPEC-166 Force the System to Reset Values
CAPEC-169 Footprinting
CAPEC-170 Web Application Fingerprinting
CAPEC-174 Flash Parameter Injection
CAPEC-176 Configuration/Environment Manipulation
CAPEC-178 Cross-Site Flashing
CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels
CAPEC-185 Malicious Software Download
CAPEC-189 Black Box Reverse Engineering
CAPEC-190 Reverse Engineer an Executable to Expose Assumed Hidden Functionality
CAPEC-191 Read Sensitive Constants Within an Executable
CAPEC-193 PHP Remote File Inclusion
CAPEC-196 Session Credential Falsification through Forging
CAPEC-197 XML Entity Expansion
CAPEC-198 XSS Targeting Error Pages
CAPEC-199 XSS Using Alternate Syntax
CAPEC-201 Serialized Data External Linking
CAPEC-203 Manipulate Registry Information
CAPEC-204 Lifting Sensitive Data Embedded in Cache
CAPEC-206 Signing Malicious Code
CAPEC-212 Functionality Misuse
CAPEC-215 Fuzzing and observing application log data/errors for application mapping
CAPEC-219 XML Routing Detour Attacks
CAPEC-221 Data Serialization External Entities Blowup
CAPEC-222 iFrame Overlay
CAPEC-227 Sustained Client Engagement
CAPEC-228 DTD Injection
CAPEC-229 Serialized Data Parameter Blowup
CAPEC-230 XML Nested Payloads
CAPEC-231 Oversized Serialized Data Payloads
CAPEC-233 Privilege Escalation
CAPEC-234 Hijacking a privileged process
CAPEC-236 Catching exception throw/signal from privileged block
CAPEC-237 Escaping a Sandbox by Calling Signed Code in Another Language
CAPEC-243 XSS Targeting HTML Attributes
CAPEC-244 XSS Targeting URI Placeholders
CAPEC-247 XSS Using Invalid Characters
CAPEC-248 Command Injection
CAPEC-251 Local Code Inclusion
CAPEC-267 Leverage Alternate Encoding
CAPEC-270 Modification of Registry Run Keys
CAPEC-271 Schema Poisoning
CAPEC-275 DNS Rebinding
CAPEC-292 Host Discovery
CAPEC-309 Network Topology Mapping
CAPEC-401 Physically Hacking Hardware
CAPEC-406 Dumpster Diving
CAPEC-421 Influence Perception of Authority
CAPEC-423 Influence Perception of Liking
CAPEC-438 Modification During Manufacture
CAPEC-439 Manipulation During Distribution
CAPEC-457 USB Memory Attacks
CAPEC-459 Creating a Rogue Certification Authority Certificate
CAPEC-462 Cross-Domain Search Timing
CAPEC-463 Padding Oracle Crypto Attack
CAPEC-466 Leveraging Active Man in the Middle Attacks to Bypass Same Origin Policy
CAPEC-467 Cross Site Identification
CAPEC-469 HTTP DoS
CAPEC-471 Search Order Hijacking
CAPEC-475 Signature Spoofing by Improper Validation
CAPEC-478 Modification of Windows Service Configuration
CAPEC-479 Malicious Root Certificate
CAPEC-481 Contradictory Destinations in Traffic Routing Schemes
CAPEC-482 TCP Flood
CAPEC-486 UDP Flood
CAPEC-488 HTTP Flood
CAPEC-489 SSL Flood
CAPEC-490 Amplification
CAPEC-491 XML Quadratic Expansion
CAPEC-497 File Discovery
CAPEC-498 Probe iOS Screenshots
CAPEC-499 Intent Intercept
CAPEC-503 WebView Exposure
CAPEC-504 Task Impersonation
CAPEC-506 Tapjacking
CAPEC-509 Kerberoasting
CAPEC-523 Malicious Software Implanted
CAPEC-524 Rogue Integration Procedures
CAPEC-528 XML Flood
CAPEC-529 Malware-Directed Internal Reconnaissance
CAPEC-532 Altered Installed BIOS
CAPEC-533 Malicious Manual Software Update
CAPEC-536 Data Injected During Configuration
CAPEC-542 Targeted Malware
CAPEC-545 Pull Data from System Resources
CAPEC-546 Probe Application Memory
CAPEC-550 Install New Service
CAPEC-551 Modify Existing Service
CAPEC-552 Install Rootkit
CAPEC-555 Remote Services with Stolen Credentials
CAPEC-556 Replace File Extension Handlers
CAPEC-558 Replace Trusted Executable
CAPEC-560 Use of Known Domain Credentials
CAPEC-561 Windows Admin Shares with Stolen Credentials
CAPEC-563 Add Malicious File to Shared Webroot
CAPEC-564 Run Software at Logon
CAPEC-568 Capture Credentials via Keylogger
CAPEC-569 Collect Data as Provided by Users
CAPEC-571 Block Logging to Central Repository
CAPEC-572 Artificially Inflate File Sizes
CAPEC-573 Process Footprinting
CAPEC-574 Services Footprinting
CAPEC-575 Account Footprinting
CAPEC-576 Group Permission Footprinting
CAPEC-578 Disable Security Software
CAPEC-579 Replace Winlogon Helper DLL
CAPEC-580 Application Footprinting
CAPEC-581 Security Software Footprinting
CAPEC-586 Object Injection
CAPEC-592 Stored XSS
CAPEC-593 Session Hijacking
CAPEC-597 Absolute Path Traversal
CAPEC-608 Cryptanalysis of Cellular Encryption
CAPEC-616 Establish Rogue Location
CAPEC-617 Cellular Rogue Base Station
CAPEC-620 Drop Encryption Level
CAPEC-624 Hardware Fault Injection
CAPEC-629 Unauthorized Use of Device Resources
CAPEC-633 Token Impersonation
CAPEC-634 Probe Audio and Video Peripherals
CAPEC-636 Hiding Malicious Data or Code within Files
CAPEC-637 Collect Data from Clipboard
CAPEC-638 Altered Component Firmware
CAPEC-639 Probe System Files
CAPEC-640 Inclusion of Code in Existing Process
CAPEC-641 DLL Side-Loading
CAPEC-642 Replace Binaries
CAPEC-643 Identify Shared Files/Directories on System
CAPEC-644 Use of Captured Hashes (Pass The Hash)
CAPEC-645 Use of Captured Tickets (Pass The Ticket)
CAPEC-646 Peripheral Footprinting
CAPEC-647 Collect Data from Registries
CAPEC-648 Collect Data from Screen Capture
CAPEC-649 Adding a Space to a File Extension
CAPEC-650 Upload a Web Shell to a Web Server

Patterns Deprecated
Back to top

Category Changes

New Categories Added

Existing Categories Modified with Enhanced Material
CAPEC-225 Subvert Access Control
CAPEC-513 Software
CAPEC-514 Physical Security
CAPEC-515 Hardware

Categories Deprecated
Back to top

View Changes

Views Added

Existing Views Modified with Enhanced Material

Views Deprecated
Back to top

Mapping Changes

CAPEC --> CWE Mappings Added
CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs
  --> CWE-1191 Exposed Chip Debug and or Test Interface With Insufficient Access Control
  --> CWE-1193 Power-On of Untrusted Execution Core Before Enabling Fabric Access Control
  --> CWE-1220 Insufficient Granularity of Access Control
  --> CWE-1224 Improper Restriction of Write-Once Bit Fields
  --> CWE-1244 Improper Authorization on Physical Debug and Test Interfaces
  --> CWE-1252 CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations
  --> CWE-1257 Improper Access Control Applied to Mirrored or Aliased Memory Regions
  --> CWE-1262 Register Interface Allows Software Access to Sensitive Data or Security Settings
  --> CWE-1268 Agents Included in Control Policy are not Contained in Less-Privileged Policy
  --> CWE-1283 Mutable Attestation or Measurement Reporting Data
CAPEC-16 Dictionary-based Password Attack
  --> CWE-307 Improper Restriction of Excessive Authentication Attempts
  --> CWE-308 Use of Single-factor Authentication
  --> CWE-309 Use of Password System for Primary Authentication
  --> CWE-654 Reliance on a Single Factor in a Security Decision
CAPEC-26 Leveraging Race Conditions
  --> CWE-1223 Race Condition for Write-Once Attributes
CAPEC-36 Using Unpublished Interfaces
  --> CWE-1242 Inclusion of Undocumented Features or Chicken Bits
CAPEC-37 Retrieve Embedded Sensitive Data
  --> CWE-226 Sensitive Information Uncleared in Resource Before Release for Reuse
  --> CWE-1239 Improper Zeroization of Hardware Register
  --> CWE-1258 Sensitive Information Uncleared During Hardware Debug Flows
  --> CWE-1266 Improper Scrubbing of Sensitive Data from Decommissioned Device
  --> CWE-1272 Debug/Power State Transitions Leak Information
  --> CWE-1278 Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques
CAPEC-49 Password Brute Forcing
  --> CWE-307 Improper Restriction of Excessive Authentication Attempts
  --> CWE-308 Use of Single-factor Authentication
  --> CWE-309 Use of Password System for Primary Authentication
  --> CWE-654 Reliance on a Single Factor in a Security Decision
CAPEC-55 Rainbow Table Password Cracking
  --> CWE-308 Use of Single-factor Authentication
  --> CWE-309 Use of Password System for Primary Authentication
  --> CWE-654 Reliance on a Single Factor in a Security Decision
CAPEC-62 Cross Site Request Forgery
  --> CWE-1275 Sensitive Cookie with Improper SameSite Attribute
CAPEC-66 SQL Injection
  --> CWE-1286 Improper Validation of Syntactic Correctness of Input
CAPEC-70 Try Common or Default Usernames and Passwords
  --> CWE-308 Use of Single-factor Authentication
  --> CWE-309 Use of Password System for Primary Authentication
  --> CWE-654 Reliance on a Single Factor in a Security Decision
CAPEC-74 Manipulating State
  --> CWE-1245 Improper Finite State Machines (FSMs) in Hardware Logic
  --> CWE-1265 Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls
  --> CWE-1271 Missing Known Value on Reset for Registers Holding Security Settings
CAPEC-97 Cryptanalysis
  --> CWE-1240 Use of a Risky Cryptographic Primitive
  --> CWE-1241 Use of Predictable Algorithm in Random Number Generator
  --> CWE-1279 Cryptographic Primitives used without Successful Self-Test
CAPEC-114 Authentication Abuse
  --> CWE-1244 Improper Authorization on Physical Debug and Test Interfaces
CAPEC-116 Excavation
  --> CWE-1243 Exposure of Security-Sensitive Fuse Values During Debug
CAPEC-121 Exploit Non-Production Interfaces
  --> CWE-1209 Failure to Disable Reserved Bits
CAPEC-124 Shared Resource Manipulation
  --> CWE-1189 Improper Isolation of Shared Resources on System-on-Chip (SoC)
CAPEC-150 Collect Data from Common Resource Locations
  --> CWE-1239 Improper Zeroization of Hardware Register
  --> CWE-1258 Sensitive Information Uncleared During Hardware Debug Flows
  --> CWE-1266 Improper Scrubbing of Sensitive Data from Decommissioned Device
  --> CWE-1272 Debug/Power State Transitions Leak Information
CAPEC-166 Force the System to Reset Values
  --> CWE-1232 Improper Lock Behavior After Power State Transition
CAPEC-176 Configuration/Environment Manipulation
  --> CWE-1233 Improper Hardware Lock Protection for Security Sensitive Controls
  --> CWE-1234 Hardware Internal or Debug Modes Allow Override of Locks
CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels
  --> CWE-1190 DMA Device Enabled Too Early in Boot Phase
  --> CWE-1191 Exposed Chip Debug and or Test Interface With Insufficient Access Control
  --> CWE-1193 Power-On of Untrusted Execution Core Before Enabling Fabric Access Control
  --> CWE-1220 Insufficient Granularity of Access Control
  --> CWE-1222 Insufficient Granularity of Address Regions Protected by Register Locks
  --> CWE-1224 Improper Restriction of Write-Once Bit Fields
  --> CWE-1231 Improper Implementation of Lock Protection Registers
  --> CWE-1233 Improper Hardware Lock Protection for Security Sensitive Controls
  --> CWE-1234 Hardware Internal or Debug Modes Allow Override of Locks
  --> CWE-1244 Improper Authorization on Physical Debug and Test Interfaces
  --> CWE-1252 CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations
  --> CWE-1257 Improper Access Control Applied to Mirrored or Aliased Memory Regions
  --> CWE-1259 Improper Protection of Security Identifiers
  --> CWE-1260 Improper Handling of Overlap Between Protected Memory Ranges
  --> CWE-1262 Register Interface Allows Software Access to Sensitive Data or Security Settings
  --> CWE-1274 Insufficient Protections on the Volatile Memory Containing Boot Code
  --> CWE-1280 Access Control Check Implemented After Asset is Accessed
CAPEC-189 Black Box Reverse Engineering
  --> CWE-203 Observable Discrepancy
CAPEC-204 Lifting Sensitive Data Embedded in Cache
  --> CWE-1239 Improper Zeroization of Hardware Register
  --> CWE-1258 Sensitive Information Uncleared During Hardware Debug Flows
CAPEC-212 Functionality Misuse
  --> CWE-1242 Inclusion of Undocumented Features or Chicken Bits
  --> CWE-1281 Sequence of Processor Instructions Leads to Unexpected Behavior (Halt and Catch Fire)
CAPEC-233 Privilege Escalation
  --> CWE-1264 Hardware Logic with Insecure De-Synchronization between Control and Data Channels
CAPEC-401 Physically Hacking Hardware
  --> CWE-1263 Insufficient Physical Protection Mechanism
CAPEC-439 Manipulation During Distribution
  --> CWE-1269 Product Released in Non-Release Configuration
CAPEC-508 Shoulder Surfing
  --> CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
  --> CWE-359 Exposure of Private Personal Information to an Unauthorized Actor
CAPEC-509 Kerberoasting
  --> CWE-262 Not Using Password Aging
  --> CWE-263 Password Aging with Long Expiration
  --> CWE-294 Authentication Bypass by Capture-replay
  --> CWE-308 Use of Single-factor Authentication
  --> CWE-309 Use of Password System for Primary Authentication
  --> CWE-521 Weak Password Requirements
  --> CWE-522 Insufficiently Protected Credentials
CAPEC-545 Pull Data from System Resources
  --> CWE-1239 Improper Zeroization of Hardware Register
  --> CWE-1243 Exposure of Security-Sensitive Fuse Values During Debug
  --> CWE-1258 Sensitive Information Uncleared During Hardware Debug Flows
  --> CWE-1266 Improper Scrubbing of Sensitive Data from Decommissioned Device
  --> CWE-1272 Debug/Power State Transitions Leak Information
  --> CWE-1278 Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques
CAPEC-546 Probe Application Memory
  --> CWE-1266 Improper Scrubbing of Sensitive Data from Decommissioned Device
  --> CWE-1272 Debug/Power State Transitions Leak Information
CAPEC-555 Remote Services with Stolen Credentials
  --> CWE-262 Not Using Password Aging
  --> CWE-263 Password Aging with Long Expiration
  --> CWE-294 Authentication Bypass by Capture-replay
  --> CWE-308 Use of Single-factor Authentication
  --> CWE-309 Use of Password System for Primary Authentication
  --> CWE-521 Weak Password Requirements
CAPEC-560 Use of Known Domain Credentials
  --> CWE-262 Not Using Password Aging
  --> CWE-263 Password Aging with Long Expiration
  --> CWE-307 Improper Restriction of Excessive Authentication Attempts
  --> CWE-308 Use of Single-factor Authentication
  --> CWE-309 Use of Password System for Primary Authentication
  --> CWE-654 Reliance on a Single Factor in a Security Decision
  --> CWE-1273 Device Unlock Credential Sharing
CAPEC-561 Windows Admin Shares with Stolen Credentials
  --> CWE-262 Not Using Password Aging
  --> CWE-263 Password Aging with Long Expiration
  --> CWE-294 Authentication Bypass by Capture-replay
  --> CWE-308 Use of Single-factor Authentication
  --> CWE-309 Use of Password System for Primary Authentication
  --> CWE-521 Weak Password Requirements
CAPEC-565 Password Spraying
  --> CWE-262 Not Using Password Aging
  --> CWE-263 Password Aging with Long Expiration
  --> CWE-307 Improper Restriction of Excessive Authentication Attempts
  --> CWE-308 Use of Single-factor Authentication
  --> CWE-309 Use of Password System for Primary Authentication
  --> CWE-521 Weak Password Requirements
  --> CWE-654 Reliance on a Single Factor in a Security Decision
CAPEC-600 Credential Stuffing
  --> CWE-262 Not Using Password Aging
  --> CWE-263 Password Aging with Long Expiration
  --> CWE-307 Improper Restriction of Excessive Authentication Attempts
  --> CWE-308 Use of Single-factor Authentication
  --> CWE-309 Use of Password System for Primary Authentication
  --> CWE-522 Insufficiently Protected Credentials
  --> CWE-654 Reliance on a Single Factor in a Security Decision
CAPEC-624 Hardware Fault Injection
  --> CWE-1247 Missing Protection Against Voltage and Clock Glitches
  --> CWE-1248 Semiconductor Defects in Hardware Logic with Security-Sensitive Implications
  --> CWE-1256 Hardware Features Enable Physical Attacks from Software
CAPEC-644 Use of Captured Hashes (Pass The Hash)
  --> CWE-294 Authentication Bypass by Capture-replay
  --> CWE-308 Use of Single-factor Authentication
  --> CWE-308 Use of Single-factor Authentication
  --> CWE-836 Use of Password Hash Instead of Password for Authentication
CAPEC-645 Use of Captured Tickets (Pass The Ticket)
  --> CWE-294 Authentication Bypass by Capture-replay
  --> CWE-308 Use of Single-factor Authentication
CAPEC-652 Use of Known Kerberos Credentials
  --> CWE-262 Not Using Password Aging
  --> CWE-263 Password Aging with Long Expiration
  --> CWE-294 Authentication Bypass by Capture-replay
  --> CWE-307 Improper Restriction of Excessive Authentication Attempts
  --> CWE-308 Use of Single-factor Authentication
  --> CWE-309 Use of Password System for Primary Authentication
  --> CWE-522 Insufficiently Protected Credentials
  --> CWE-654 Reliance on a Single Factor in a Security Decision
  --> CWE-836 Use of Password Hash Instead of Password for Authentication
CAPEC-653 Use of Known Windows Credentials
  --> CWE-262 Not Using Password Aging
  --> CWE-263 Password Aging with Long Expiration
  --> CWE-307 Improper Restriction of Excessive Authentication Attempts
  --> CWE-308 Use of Single-factor Authentication
  --> CWE-309 Use of Password System for Primary Authentication
  --> CWE-522 Insufficiently Protected Credentials
  --> CWE-654 Reliance on a Single Factor in a Security Decision
CAPEC-654 Credential Prompt Impersonation
  --> CWE-1021 Improper Restriction of Rendered UI Layers or Frames

CAPEC --> CWE Mappings Removed
CAPEC-16 Dictionary-based Password Attack
  --> CWE-693 Protection Mechanism Failure
CAPEC-33 HTTP Request Smuggling
  --> CWE-436 Interpretation Conflict
CAPEC-49 Password Brute Forcing
  --> CWE-693 Protection Mechanism Failure
CAPEC-55 Rainbow Table Password Cracking
  --> CWE-693 Protection Mechanism Failure
CAPEC-66 SQL Injection
  --> CWE-20 Improper Input Validation
  --> CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
  --> CWE-697 Incorrect Comparison
  --> CWE-707 Improper Neutralization
  --> CWE-713 OWASP Top Ten 2007 Category A2 - Injection Flaws
CAPEC-70 Try Common or Default Usernames and Passwords
  --> CWE-693 Protection Mechanism Failure
CAPEC-105 HTTP Request Splitting
  --> CWE-436 Interpretation Conflict
CAPEC-509 Kerberoasting
  --> CWE-552 Files or Directories Accessible to External Parties

CAPEC --> CAPEC Mappings Added
CAPEC-16 Dictionary-based Password Attack
CanPrecede   --> CAPEC-151 Identity Spoofing
CanPrecede   --> CAPEC-560 Use of Known Domain Credentials
CanPrecede   --> CAPEC-600 Credential Stuffing
CanPrecede   --> CAPEC-653 Use of Known Windows Credentials
CAPEC-49 Password Brute Forcing
CanPrecede   --> CAPEC-151 Identity Spoofing
CanPrecede   --> CAPEC-560 Use of Known Domain Credentials
CanPrecede   --> CAPEC-600 Credential Stuffing
CanPrecede   --> CAPEC-653 Use of Known Windows Credentials
CAPEC-50 Password Recovery Exploitation
CanPrecede   --> CAPEC-151 Identity Spoofing
CanPrecede   --> CAPEC-560 Use of Known Domain Credentials
CanPrecede   --> CAPEC-600 Credential Stuffing
CanPrecede   --> CAPEC-653 Use of Known Windows Credentials
CAPEC-55 Rainbow Table Password Cracking
CanPrecede   --> CAPEC-151 Identity Spoofing
CanPrecede   --> CAPEC-560 Use of Known Domain Credentials
CanPrecede   --> CAPEC-600 Credential Stuffing
CanPrecede   --> CAPEC-653 Use of Known Windows Credentials
CAPEC-70 Try Common or Default Usernames and Passwords
CanPrecede   --> CAPEC-151 Identity Spoofing
CanPrecede   --> CAPEC-560 Use of Known Domain Credentials
CanPrecede   --> CAPEC-600 Credential Stuffing
CanPrecede   --> CAPEC-653 Use of Known Windows Credentials
CAPEC-85 AJAX Fingerprinting
CanPrecede   --> CAPEC-63 Cross-Site Scripting (XSS)
CAPEC-110 SQL Injection through SOAP Parameter Tampering
CanFollow   --> CAPEC-279 SOAP Manipulation
CAPEC-225 Subvert Access Control
Has Member   --> CAPEC-560 Use of Known Domain Credentials
CAPEC-228 DTD Injection
CanFollow   --> CAPEC-279 SOAP Manipulation
CAPEC-508 Shoulder Surfing
CanPrecede   --> CAPEC-560 Use of Known Domain Credentials
Has Child   --> CAPEC-651 Eavesdropping
CAPEC-509 Kerberoasting
CanPrecede   --> CAPEC-151 Identity Spoofing
Has Child   --> CAPEC-652 Use of Known Kerberos Credentials
CAPEC-513 Software
Has Member   --> CAPEC-560 Use of Known Domain Credentials
CAPEC-514 Physical Security
Has Member   --> CAPEC-117 Interception
CAPEC-515 Hardware
Has Member   --> CAPEC-26 Leveraging Race Conditions
Has Member   --> CAPEC-74 Manipulating State
Has Member   --> CAPEC-113 API Manipulation
Has Member   --> CAPEC-114 Authentication Abuse
Has Member   --> CAPEC-116 Excavation
Has Member   --> CAPEC-122 Privilege Abuse
Has Member   --> CAPEC-124 Shared Resource Manipulation
Has Member   --> CAPEC-161 Infrastructure Manipulation
Has Member   --> CAPEC-176 Configuration/Environment Manipulation
Has Member   --> CAPEC-188 Reverse Engineering
Has Member   --> CAPEC-192 Protocol Analysis
Has Member   --> CAPEC-212 Functionality Misuse
Has Member   --> CAPEC-233 Privilege Escalation
Has Member   --> CAPEC-439 Manipulation During Distribution
Has Member   --> CAPEC-560 Use of Known Domain Credentials
CAPEC-555 Remote Services with Stolen Credentials
CanPrecede   --> CAPEC-151 Identity Spoofing
CAPEC-560 Use of Known Domain Credentials
CanPrecede   --> CAPEC-151 Identity Spoofing
CAPEC-561 Windows Admin Shares with Stolen Credentials
CanFollow   --> CAPEC-16 Dictionary-based Password Attack
CanFollow   --> CAPEC-49 Password Brute Forcing
CanFollow   --> CAPEC-50 Password Recovery Exploitation
CanFollow   --> CAPEC-55 Rainbow Table Password Cracking
CanFollow   --> CAPEC-70 Try Common or Default Usernames and Passwords
CanPrecede   --> CAPEC-151 Identity Spoofing
CanPrecede   --> CAPEC-165 File Manipulation
CanPrecede   --> CAPEC-545 Pull Data from System Resources
CanPrecede   --> CAPEC-549 Local Execution of Code
CanFollow   --> CAPEC-565 Password Spraying
CanFollow   --> CAPEC-568 Capture Credentials via Keylogger
Has Child   --> CAPEC-653 Use of Known Windows Credentials
CAPEC-565 Password Spraying
Has Child   --> CAPEC-49 Password Brute Forcing
CanPrecede   --> CAPEC-151 Identity Spoofing
CanPrecede   --> CAPEC-560 Use of Known Domain Credentials
CanPrecede   --> CAPEC-600 Credential Stuffing
CanPrecede   --> CAPEC-653 Use of Known Windows Credentials
CAPEC-568 Capture Credentials via Keylogger
CanPrecede   --> CAPEC-151 Identity Spoofing
CanPrecede   --> CAPEC-560 Use of Known Domain Credentials
CanPrecede   --> CAPEC-600 Credential Stuffing
CanPrecede   --> CAPEC-653 Use of Known Windows Credentials
CAPEC-600 Credential Stuffing
CanPrecede   --> CAPEC-151 Identity Spoofing
Has Child   --> CAPEC-560 Use of Known Domain Credentials
CanPrecede   --> CAPEC-653 Use of Known Windows Credentials
CAPEC-644 Use of Captured Hashes (Pass The Hash)
CanPrecede   --> CAPEC-151 Identity Spoofing
CanPrecede   --> CAPEC-165 File Manipulation
CanPrecede   --> CAPEC-545 Pull Data from System Resources
CanPrecede   --> CAPEC-549 Local Execution of Code
Has Child   --> CAPEC-653 Use of Known Windows Credentials
CAPEC-645 Use of Captured Tickets (Pass The Ticket)
CanPrecede   --> CAPEC-151 Identity Spoofing
Has Child   --> CAPEC-652 Use of Known Kerberos Credentials
CAPEC-652 Use of Known Kerberos Credentials
CanPrecede   --> CAPEC-151 Identity Spoofing
CanFollow   --> CAPEC-157 Sniffing Attacks
Has Child   --> CAPEC-560 Use of Known Domain Credentials
CAPEC-653 Use of Known Windows Credentials
CanPrecede   --> CAPEC-151 Identity Spoofing
Has Child   --> CAPEC-560 Use of Known Domain Credentials
CAPEC-654 Credential Prompt Impersonation
Has Child   --> CAPEC-504 Task Impersonation
CAPEC-655 Avoid Security Tool Identification by Adding Data
Has Child   --> CAPEC-572 Artificially Inflate File Sizes

CAPEC --> CAPEC Mappings Removed
CAPEC-110 SQL Injection through SOAP Parameter Tampering
CanFollow   --> CAPEC-280 DEPRECATED: SOAP Parameter Tampering
CAPEC-228 DTD Injection
CanFollow   --> CAPEC-280 DEPRECATED: SOAP Parameter Tampering
CAPEC-467 Cross Site Identification
Has Child   --> CAPEC-408 DEPRECATED: Information Gathering from Traditional Sources
CAPEC-509 Kerberoasting
Has Child   --> CAPEC-560 Use of Known Domain Credentials
CAPEC-560 Use of Known Domain Credentials
Has Child   --> CAPEC-21 Exploitation of Trusted Identifiers
CAPEC-561 Windows Admin Shares with Stolen Credentials
Has Child   --> CAPEC-560 Use of Known Domain Credentials
CAPEC-644 Use of Captured Hashes (Pass The Hash)
Has Child   --> CAPEC-560 Use of Known Domain Credentials
CAPEC-645 Use of Captured Tickets (Pass The Ticket)
Has Child   --> CAPEC-560 Use of Known Domain Credentials
Back to top
More information is available — Please select a different filter.
Page Last Updated or Reviewed: July 30, 2020
 

Use of the Common Attack Pattern Enumeration and Classification (CAPEC), and the associated references from this website are subject to the Terms of Use. CAPEC is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and managed by the Homeland Security Systems Engineering and Development Institute (HSSEDI) which is operated by The MITRE Corporation (MITRE). Copyright © 2007–2024, The MITRE Corporation. CAPEC and the CAPEC logo are trademarks of The MITRE Corporation.