New to CAPEC? Start Here
Home > CAPEC List > Reports > Differences between 3.2 and 3.3 Content  

Differences between 3.2 and 3.3 Content

Summary

Total (3.3) (not including Deprecated) 582
Total (3.2) (not including Deprecated) 575
Attack Patterns
New Patterns Added 7
Existing Patterns Modified with Enhanced Material 245
Categories
Existing Categories Modified with Enhanced Material 4
CAPEC -> CWE Mappings
CAPEC -> CWE Mappings Added 152
CAPEC -> CWE Mappings Removed 12
CAPEC -> CAPEC Mappings
CAPEC -> CAPEC Mappings Added 85
CAPEC -> CAPEC Mappings Removed 8

Summary of Entry Types

Type 3.2 3.3
Views 9 9
Categories 49 49
Attack Patterns 517 524
Deprecated 76 76

Back to top

Attack Pattern Changes

New Patterns Added
CAPEC-508 Shoulder Surfing
CAPEC-565 Password Spraying
CAPEC-600 Credential Stuffing
CAPEC-652 Use of Known Kerberos Credentials
CAPEC-653 Use of Known Windows Credentials
CAPEC-654 Credential Prompt Impersonation
CAPEC-655 Avoid Security Tool Identification by Adding Data

Existing Patterns Modified with Enhanced Material
CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs
CAPEC-2 Inducing Account Lockout
CAPEC-3 Using Leading 'Ghost' Character Sequences to Bypass Input Filters
CAPEC-6 Argument Injection
CAPEC-7 Blind SQL Injection
CAPEC-9 Buffer Overflow in Local Command-Line Utilities
CAPEC-10 Buffer Overflow via Environment Variables
CAPEC-11 Cause Web Server Misclassification
CAPEC-13 Subverting Environment Variable Values
CAPEC-14 Client-side Injection-induced Buffer Overflow
CAPEC-15 Command Delimiters
CAPEC-16 Dictionary-based Password Attack
CAPEC-17 Using Malicious Files
CAPEC-18 XSS Targeting Non-Script Elements
CAPEC-19 Embedding Scripts within Scripts
CAPEC-21 Exploitation of Trusted Identifiers
CAPEC-23 File Content Injection
CAPEC-25 Forced Deadlock
CAPEC-26 Leveraging Race Conditions
CAPEC-27 Leveraging Race Conditions via Symbolic Links
CAPEC-28 Fuzzing
CAPEC-29 Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
CAPEC-30 Hijacking a Privileged Thread of Execution
CAPEC-31 Accessing/Intercepting/Modifying HTTP Cookies
CAPEC-32 XSS Through HTTP Query Strings
CAPEC-33 HTTP Request Smuggling
CAPEC-34 HTTP Response Splitting
CAPEC-36 Using Unpublished Interfaces
CAPEC-37 Retrieve Embedded Sensitive Data
CAPEC-38 Leveraging/Manipulating Configuration File Search Paths
CAPEC-39 Manipulating Opaque Client-based Data Tokens
CAPEC-40 Manipulating Writeable Terminal Devices
CAPEC-43 Exploiting Multiple Input Interpretation Layers
CAPEC-46 Overflow Variables and Tags
CAPEC-47 Buffer Overflow via Parameter Expansion
CAPEC-48 Passing Local Filenames to Functions That Expect a URL
CAPEC-49 Password Brute Forcing
CAPEC-50 Password Recovery Exploitation
CAPEC-52 Embedding NULL Bytes
CAPEC-53 Postfix, Null Terminate, and Backslash
CAPEC-55 Rainbow Table Password Cracking
CAPEC-58 Restful Privilege Elevation
CAPEC-59 Session Credential Falsification through Prediction
CAPEC-60 Reusing Session IDs (aka Session Replay)
CAPEC-61 Session Fixation
CAPEC-62 Cross Site Request Forgery
CAPEC-63 Cross-Site Scripting (XSS)
CAPEC-64 Using Slashes and URL Encoding Combined to Bypass Validation Logic
CAPEC-65 Sniff Application Code
CAPEC-66 SQL Injection
CAPEC-67 String Format Overflow in syslog()
CAPEC-68 Subvert Code-signing Facilities
CAPEC-69 Target Programs with Elevated Privileges
CAPEC-70 Try Common or Default Usernames and Passwords
CAPEC-71 Using Unicode Encoding to Bypass Validation Logic
CAPEC-72 URL Encoding
CAPEC-74 Manipulating State
CAPEC-75 Manipulating Writeable Configuration Files
CAPEC-76 Manipulating Web Input to File System Calls
CAPEC-77 Manipulating User-Controlled Variables
CAPEC-78 Using Escaped Slashes in Alternate Encoding
CAPEC-79 Using Slashes in Alternate Encoding
CAPEC-80 Using UTF-8 Encoding to Bypass Validation Logic
CAPEC-83 XPath Injection
CAPEC-84 XQuery Injection
CAPEC-85 AJAX Fingerprinting
CAPEC-86 XSS Through HTTP Headers
CAPEC-87 Forceful Browsing
CAPEC-88 OS Command Injection
CAPEC-89 Pharming
CAPEC-90 Reflection Attack in Authentication Protocol
CAPEC-92 Forced Integer Overflow
CAPEC-93 Log Injection-Tampering-Forging
CAPEC-94 Man in the Middle Attack
CAPEC-97 Cryptanalysis
CAPEC-98 Phishing
CAPEC-102 Session Sidejacking
CAPEC-103 Clickjacking
CAPEC-104 Cross Zone Scripting
CAPEC-105 HTTP Request Splitting
CAPEC-107 Cross Site Tracing
CAPEC-109 Object Relational Mapping Injection
CAPEC-110 SQL Injection through SOAP Parameter Tampering
CAPEC-111 JSON Hijacking (aka JavaScript Hijacking)
CAPEC-114 Authentication Abuse
CAPEC-116 Excavation
CAPEC-117 Interception
CAPEC-120 Double Encoding
CAPEC-121 Exploit Non-Production Interfaces
CAPEC-122 Privilege Abuse
CAPEC-124 Shared Resource Manipulation
CAPEC-125 Flooding
CAPEC-126 Path Traversal
CAPEC-130 Excessive Allocation
CAPEC-131 Resource Leak Exposure
CAPEC-132 Symlink Attack
CAPEC-133 Try All Common Switches
CAPEC-139 Relative Path Traversal
CAPEC-140 Bypassing of Intermediate Forms in Multiple-Form Sets
CAPEC-141 Cache Poisoning
CAPEC-143 Detect Unpublicized Web Pages
CAPEC-144 Detect Unpublicized Web Services
CAPEC-146 XML Schema Poisoning
CAPEC-148 Content Spoofing
CAPEC-150 Collect Data from Common Resource Locations
CAPEC-155 Screen Temporary Files for Sensitive Information
CAPEC-157 Sniffing Attacks
CAPEC-159 Redirect Access to Libraries
CAPEC-160 Exploit Script-Based APIs
CAPEC-163 Spear Phishing
CAPEC-166 Force the System to Reset Values
CAPEC-169 Footprinting
CAPEC-170 Web Application Fingerprinting
CAPEC-174 Flash Parameter Injection
CAPEC-176 Configuration/Environment Manipulation
CAPEC-178 Cross-Site Flashing
CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels
CAPEC-185 Malicious Software Download
CAPEC-189 Black Box Reverse Engineering
CAPEC-190 Reverse Engineer an Executable to Expose Assumed Hidden Functionality
CAPEC-191 Read Sensitive Constants Within an Executable
CAPEC-193 PHP Remote File Inclusion
CAPEC-196 Session Credential Falsification through Forging
CAPEC-197 XML Entity Expansion
CAPEC-198 XSS Targeting Error Pages
CAPEC-199 XSS Using Alternate Syntax
CAPEC-201 Serialized Data External Linking
CAPEC-203 Manipulate Registry Information
CAPEC-204 Lifting Sensitive Data Embedded in Cache
CAPEC-206 Signing Malicious Code
CAPEC-212 Functionality Misuse
CAPEC-215 Fuzzing and observing application log data/errors for application mapping
CAPEC-219 XML Routing Detour Attacks
CAPEC-221 Data Serialization External Entities Blowup
CAPEC-222 iFrame Overlay
CAPEC-227 Sustained Client Engagement
CAPEC-228 DTD Injection
CAPEC-229 Serialized Data Parameter Blowup
CAPEC-230 XML Nested Payloads
CAPEC-231 Oversized Serialized Data Payloads
CAPEC-233 Privilege Escalation
CAPEC-234 Hijacking a privileged process
CAPEC-236 Catching exception throw/signal from privileged block
CAPEC-237 Escaping a Sandbox by Calling Signed Code in Another Language
CAPEC-243 XSS Targeting HTML Attributes
CAPEC-244 XSS Targeting URI Placeholders
CAPEC-247 XSS Using Invalid Characters
CAPEC-248 Command Injection
CAPEC-251 Local Code Inclusion
CAPEC-267 Leverage Alternate Encoding
CAPEC-270 Modification of Registry Run Keys
CAPEC-271 Schema Poisoning
CAPEC-275 DNS Rebinding
CAPEC-292 Host Discovery
CAPEC-309 Network Topology Mapping
CAPEC-401 Physically Hacking Hardware
CAPEC-406 Dumpster Diving
CAPEC-421 Influence Perception of Authority
CAPEC-423 Influence Perception of Liking
CAPEC-438 Modification During Manufacture
CAPEC-439 Manipulation During Distribution
CAPEC-457 USB Memory Attacks
CAPEC-459 Creating a Rogue Certification Authority Certificate
CAPEC-462 Cross-Domain Search Timing
CAPEC-463 Padding Oracle Crypto Attack
CAPEC-466 Leveraging Active Man in the Middle Attacks to Bypass Same Origin Policy
CAPEC-467 Cross Site Identification
CAPEC-469 HTTP DoS
CAPEC-471 Search Order Hijacking
CAPEC-475 Signature Spoofing by Improper Validation
CAPEC-478 Modification of Windows Service Configuration
CAPEC-479 Malicious Root Certificate
CAPEC-481 Contradictory Destinations in Traffic Routing Schemes
CAPEC-482 TCP Flood
CAPEC-486 UDP Flood
CAPEC-488 HTTP Flood
CAPEC-489 SSL Flood
CAPEC-490 Amplification
CAPEC-491 XML Quadratic Expansion
CAPEC-497 File Discovery
CAPEC-498 Probe iOS Screenshots
CAPEC-499 Intent Intercept
CAPEC-503 WebView Exposure
CAPEC-504 Task Impersonation
CAPEC-506 Tapjacking
CAPEC-509 Kerberoasting
CAPEC-523 Malicious Software Implanted
CAPEC-524 Rogue Integration Procedures
CAPEC-528 XML Flood
CAPEC-529 Malware-Directed Internal Reconnaissance
CAPEC-532 Altered Installed BIOS
CAPEC-533 Malicious Manual Software Update
CAPEC-536 Data Injected During Configuration
CAPEC-542 Targeted Malware
CAPEC-545 Pull Data from System Resources
CAPEC-546 Probe Application Memory
CAPEC-550 Install New Service
CAPEC-551 Modify Existing Service
CAPEC-552 Install Rootkit
CAPEC-555 Remote Services with Stolen Credentials
CAPEC-556 Replace File Extension Handlers
CAPEC-558 Replace Trusted Executable
CAPEC-560 Use of Known Domain Credentials
CAPEC-561 Windows Admin Shares with Stolen Credentials
CAPEC-563 Add Malicious File to Shared Webroot
CAPEC-564 Run Software at Logon
CAPEC-568 Capture Credentials via Keylogger
CAPEC-569 Collect Data as Provided by Users
CAPEC-571 Block Logging to Central Repository
CAPEC-572 Artificially Inflate File Sizes
CAPEC-573 Process Footprinting
CAPEC-574 Services Footprinting
CAPEC-575 Account Footprinting
CAPEC-576 Group Permission Footprinting
CAPEC-578 Disable Security Software
CAPEC-579 Replace Winlogon Helper DLL
CAPEC-580 Application Footprinting
CAPEC-581 Security Software Footprinting
CAPEC-586 Object Injection
CAPEC-592 Stored XSS
CAPEC-593 Session Hijacking
CAPEC-597 Absolute Path Traversal
CAPEC-608 Cryptanalysis of Cellular Encryption
CAPEC-616 Establish Rogue Location
CAPEC-617 Cellular Rogue Base Station
CAPEC-620 Drop Encryption Level
CAPEC-624 Hardware Fault Injection
CAPEC-629 Unauthorized Use of Device Resources
CAPEC-633 Token Impersonation
CAPEC-634 Probe Audio and Video Peripherals
CAPEC-636 Hiding Malicious Data or Code within Files
CAPEC-637 Collect Data from Clipboard
CAPEC-638 Altered Component Firmware
CAPEC-639 Probe System Files
CAPEC-640 Inclusion of Code in Existing Process
CAPEC-641 DLL Side-Loading
CAPEC-642 Replace Binaries
CAPEC-643 Identify Shared Files/Directories on System
CAPEC-644 Use of Captured Hashes (Pass The Hash)
CAPEC-645 Use of Captured Tickets (Pass The Ticket)
CAPEC-646 Peripheral Footprinting
CAPEC-647 Collect Data from Registries
CAPEC-648 Collect Data from Screen Capture
CAPEC-649 Adding a Space to a File Extension
CAPEC-650 Upload a Web Shell to a Web Server

Patterns Deprecated
Back to top

Category Changes

New Categories Added

Existing Categories Modified with Enhanced Material
CAPEC-225 Subvert Access Control
CAPEC-513 Software
CAPEC-514 Physical Security
CAPEC-515 Hardware

Categories Deprecated
Back to top

View Changes

Views Added

Existing Views Modified with Enhanced Material

Views Deprecated
Back to top

Mapping Changes

CAPEC --> CWE Mappings Added
CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs
  --> CWE-1191 Exposed Chip Debug and or Test Interface With Insufficient Access Control
  --> CWE-1193 Power-On of Untrusted Execution Core Before Enabling Fabric Access Control
  --> CWE-1220 Insufficient Granularity of Access Control
  --> CWE-1224 Improper Restriction of Write-Once Bit Fields
  --> CWE-1244 Improper Authorization on Physical Debug and Test Interfaces
  --> CWE-1252 CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations
  --> CWE-1257 Improper Access Control Applied to Mirrored or Aliased Memory Regions
  --> CWE-1262 Register Interface Allows Software Access to Sensitive Data or Security Settings
  --> CWE-1268 Agents Included in Control Policy are not Contained in Less-Privileged Policy
  --> CWE-1283 Mutable Attestation or Measurement Reporting Data
CAPEC-16 Dictionary-based Password Attack
  --> CWE-307 Improper Restriction of Excessive Authentication Attempts
  --> CWE-308 Use of Single-factor Authentication
  --> CWE-309 Use of Password System for Primary Authentication
  --> CWE-654 Reliance on a Single Factor in a Security Decision
CAPEC-26 Leveraging Race Conditions
  --> CWE-1223 Race Condition for Write-Once Attributes
CAPEC-36 Using Unpublished Interfaces
  --> CWE-1242 Inclusion of Undocumented Features or Chicken Bits
CAPEC-37 Retrieve Embedded Sensitive Data
  --> CWE-226 Sensitive Information Uncleared in Resource Before Release for Reuse
  --> CWE-1239 Improper Zeroization of Hardware Register
  --> CWE-1258 Sensitive Information Uncleared During Hardware Debug Flows
  --> CWE-1266 Improper Scrubbing of Sensitive Data from Decommissioned Device
  --> CWE-1272 Debug/Power State Transitions Leak Information
  --> CWE-1278 Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques
CAPEC-49 Password Brute Forcing
  --> CWE-307 Improper Restriction of Excessive Authentication Attempts
  --> CWE-308 Use of Single-factor Authentication
  --> CWE-309 Use of Password System for Primary Authentication
  --> CWE-654 Reliance on a Single Factor in a Security Decision
CAPEC-55 Rainbow Table Password Cracking
  --> CWE-308 Use of Single-factor Authentication
  --> CWE-309 Use of Password System for Primary Authentication
  --> CWE-654 Reliance on a Single Factor in a Security Decision
CAPEC-62 Cross Site Request Forgery
  --> CWE-1275 Sensitive Cookie with Improper SameSite Attribute
CAPEC-66 SQL Injection
  --> CWE-1286 Improper Validation of Syntactic Correctness of Input
CAPEC-70 Try Common or Default Usernames and Passwords
  --> CWE-308 Use of Single-factor Authentication
  --> CWE-309 Use of Password System for Primary Authentication
  --> CWE-654 Reliance on a Single Factor in a Security Decision
CAPEC-74 Manipulating State
  --> CWE-1245 Improper Finite State Machines (FSMs) in Hardware Logic
  --> CWE-1265 Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls
  --> CWE-1271 Missing Known Value on Reset for Registers Holding Security Settings
CAPEC-97 Cryptanalysis
  --> CWE-1240 Use of a Risky Cryptographic Primitive
  --> CWE-1241 Use of Predictable Algorithm in Random Number Generator
  --> CWE-1279 Cryptographic Primitives used without Successful Self-Test
CAPEC-114 Authentication Abuse
  --> CWE-1244 Improper Authorization on Physical Debug and Test Interfaces
CAPEC-116 Excavation
  --> CWE-1243 Exposure of Security-Sensitive Fuse Values During Debug
CAPEC-121 Exploit Non-Production Interfaces
  --> CWE-1209 Failure to Disable Reserved Bits
CAPEC-124 Shared Resource Manipulation
  --> CWE-1189 Improper Isolation of Shared Resources on System-on-Chip (SoC)
CAPEC-150 Collect Data from Common Resource Locations
  --> CWE-1239 Improper Zeroization of Hardware Register
  --> CWE-1258 Sensitive Information Uncleared During Hardware Debug Flows
  --> CWE-1266 Improper Scrubbing of Sensitive Data from Decommissioned Device
  --> CWE-1272 Debug/Power State Transitions Leak Information
CAPEC-166 Force the System to Reset Values
  --> CWE-1232 Improper Lock Behavior After Power State Transition
CAPEC-176 Configuration/Environment Manipulation
  --> CWE-1233 Improper Hardware Lock Protection for Security Sensitive Controls
  --> CWE-1234 Hardware Internal or Debug Modes Allow Override of Locks
CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels
  --> CWE-1190 DMA Device Enabled Too Early in Boot Phase
  --> CWE-1191 Exposed Chip Debug and or Test Interface With Insufficient Access Control
  --> CWE-1193 Power-On of Untrusted Execution Core Before Enabling Fabric Access Control
  --> CWE-1220 Insufficient Granularity of Access Control
  --> CWE-1222 Insufficient Granularity of Address Regions Protected by Register Locks
  --> CWE-1224 Improper Restriction of Write-Once Bit Fields
  --> CWE-1231 Improper Implementation of Lock Protection Registers
  --> CWE-1233 Improper Hardware Lock Protection for Security Sensitive Controls
  --> CWE-1234 Hardware Internal or Debug Modes Allow Override of Locks
  --> CWE-1244 Improper Authorization on Physical Debug and Test Interfaces
  --> CWE-1252 CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations
  --> CWE-1257 Improper Access Control Applied to Mirrored or Aliased Memory Regions
  --> CWE-1259 Improper Protection of Security Identifiers
  --> CWE-1260 Improper Handling of Overlap Between Protected Memory Ranges
  --> CWE-1262 Register Interface Allows Software Access to Sensitive Data or Security Settings
  --> CWE-1274 Insufficient Protections on the Volatile Memory Containing Boot Code
  --> CWE-1280 Access Control Check Implemented After Asset is Accessed
CAPEC-189 Black Box Reverse Engineering
  --> CWE-203 Observable Discrepancy
CAPEC-204 Lifting Sensitive Data Embedded in Cache
  --> CWE-1239 Improper Zeroization of Hardware Register
  --> CWE-1258 Sensitive Information Uncleared During Hardware Debug Flows
CAPEC-212 Functionality Misuse
  --> CWE-1242 Inclusion of Undocumented Features or Chicken Bits
  --> CWE-1281 Sequence of Processor Instructions Leads to Unexpected Behavior (Halt and Catch Fire)
CAPEC-233 Privilege Escalation
  --> CWE-1264 Hardware Logic with Insecure De-Synchronization between Control and Data Channels
CAPEC-401 Physically Hacking Hardware
  --> CWE-1263 Insufficient Physical Protection Mechanism
CAPEC-439 Manipulation During Distribution
  --> CWE-1269 Product Released in Non-Release Configuration
CAPEC-508 Shoulder Surfing
  --> CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
  --> CWE-359 Exposure of Private Personal Information to an Unauthorized Actor
CAPEC-509 Kerberoasting
  --> CWE-262 Not Using Password Aging
  --> CWE-263 Password Aging with Long Expiration
  --> CWE-294 Authentication Bypass by Capture-replay
  --> CWE-308 Use of Single-factor Authentication
  --> CWE-309 Use of Password System for Primary Authentication
  --> CWE-521 Weak Password Requirements
  --> CWE-522 Insufficiently Protected Credentials
CAPEC-545 Pull Data from System Resources
  --> CWE-1239 Improper Zeroization of Hardware Register
  --> CWE-1243 Exposure of Security-Sensitive Fuse Values During Debug
  --> CWE-1258 Sensitive Information Uncleared During Hardware Debug Flows
  --> CWE-1266 Improper Scrubbing of Sensitive Data from Decommissioned Device
  --> CWE-1272 Debug/Power State Transitions Leak Information
  --> CWE-1278 Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques
CAPEC-546 Probe Application Memory
  --> CWE-1266 Improper Scrubbing of Sensitive Data from Decommissioned Device
  --> CWE-1272 Debug/Power State Transitions Leak Information
CAPEC-555 Remote Services with Stolen Credentials
  --> CWE-262 Not Using Password Aging
  --> CWE-263 Password Aging with Long Expiration
  --> CWE-294 Authentication Bypass by Capture-replay
  --> CWE-308 Use of Single-factor Authentication
  --> CWE-309 Use of Password System for Primary Authentication
  --> CWE-521 Weak Password Requirements
CAPEC-560 Use of Known Domain Credentials
  --> CWE-262 Not Using Password Aging
  --> CWE-263 Password Aging with Long Expiration
  --> CWE-307 Improper Restriction of Excessive Authentication Attempts
  --> CWE-308 Use of Single-factor Authentication
  --> CWE-309 Use of Password System for Primary Authentication
  --> CWE-654 Reliance on a Single Factor in a Security Decision
  --> CWE-1273 Device Unlock Credential Sharing
CAPEC-561 Windows Admin Shares with Stolen Credentials
  --> CWE-262 Not Using Password Aging
  --> CWE-263 Password Aging with Long Expiration
  --> CWE-294 Authentication Bypass by Capture-replay
  --> CWE-308 Use of Single-factor Authentication
  --> CWE-309 Use of Password System for Primary Authentication
  --> CWE-521 Weak Password Requirements
CAPEC-565 Password Spraying
  --> CWE-262 Not Using Password Aging
  --> CWE-263 Password Aging with Long Expiration
  --> CWE-307 Improper Restriction of Excessive Authentication Attempts
  --> CWE-308 Use of Single-factor Authentication
  --> CWE-309 Use of Password System for Primary Authentication
  --> CWE-521 Weak Password Requirements
  --> CWE-654 Reliance on a Single Factor in a Security Decision
CAPEC-600 Credential Stuffing
  --> CWE-262 Not Using Password Aging
  --> CWE-263 Password Aging with Long Expiration
  --> CWE-307 Improper Restriction of Excessive Authentication Attempts
  --> CWE-308 Use of Single-factor Authentication
  --> CWE-309 Use of Password System for Primary Authentication
  --> CWE-522 Insufficiently Protected Credentials
  --> CWE-654 Reliance on a Single Factor in a Security Decision
CAPEC-624 Hardware Fault Injection
  --> CWE-1247 Missing Protection Against Voltage and Clock Glitches
  --> CWE-1248 Semiconductor Defects in Hardware Logic with Security-Sensitive Implications
  --> CWE-1256 Hardware Features Enable Physical Attacks from Software
CAPEC-644 Use of Captured Hashes (Pass The Hash)
  --> CWE-294 Authentication Bypass by Capture-replay
  --> CWE-308 Use of Single-factor Authentication
  --> CWE-308 Use of Single-factor Authentication
  --> CWE-836 Use of Password Hash Instead of Password for Authentication
CAPEC-645 Use of Captured Tickets (Pass The Ticket)
  --> CWE-294 Authentication Bypass by Capture-replay
  --> CWE-308 Use of Single-factor Authentication
CAPEC-652 Use of Known Kerberos Credentials
  --> CWE-262 Not Using Password Aging
  --> CWE-263 Password Aging with Long Expiration
  --> CWE-294 Authentication Bypass by Capture-replay
  --> CWE-307 Improper Restriction of Excessive Authentication Attempts
  --> CWE-308 Use of Single-factor Authentication
  --> CWE-309 Use of Password System for Primary Authentication
  --> CWE-522 Insufficiently Protected Credentials
  --> CWE-654 Reliance on a Single Factor in a Security Decision
  --> CWE-836 Use of Password Hash Instead of Password for Authentication
CAPEC-653 Use of Known Windows Credentials
  --> CWE-262 Not Using Password Aging
  --> CWE-263 Password Aging with Long Expiration
  --> CWE-307 Improper Restriction of Excessive Authentication Attempts
  --> CWE-308 Use of Single-factor Authentication
  --> CWE-309 Use of Password System for Primary Authentication
  --> CWE-522 Insufficiently Protected Credentials
  --> CWE-654 Reliance on a Single Factor in a Security Decision
CAPEC-654 Credential Prompt Impersonation
  --> CWE-1021 Improper Restriction of Rendered UI Layers or Frames

CAPEC --> CWE Mappings Removed
CAPEC-16 Dictionary-based Password Attack
  --> CWE-693 Protection Mechanism Failure
CAPEC-33 HTTP Request Smuggling
  --> CWE-436 Interpretation Conflict
CAPEC-49 Password Brute Forcing
  --> CWE-693 Protection Mechanism Failure
CAPEC-55 Rainbow Table Password Cracking
  --> CWE-693 Protection Mechanism Failure
CAPEC-66 SQL Injection
  --> CWE-20 Improper Input Validation
  --> CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
  --> CWE-697 Incorrect Comparison
  --> CWE-707 Improper Neutralization
  --> CWE-713 OWASP Top Ten 2007 Category A2 - Injection Flaws
CAPEC-70 Try Common or Default Usernames and Passwords
  --> CWE-693 Protection Mechanism Failure
CAPEC-105 HTTP Request Splitting
  --> CWE-436 Interpretation Conflict
CAPEC-509 Kerberoasting
  --> CWE-552 Files or Directories Accessible to External Parties

CAPEC --> CAPEC Mappings Added
CAPEC-16 Dictionary-based Password Attack
CanPrecede   --> CAPEC-151 Identity Spoofing
CanPrecede   --> CAPEC-560 Use of Known Domain Credentials
CanPrecede   --> CAPEC-600 Credential Stuffing
CanPrecede   --> CAPEC-653 Use of Known Windows Credentials
CAPEC-49 Password Brute Forcing
CanPrecede   --> CAPEC-151 Identity Spoofing
CanPrecede   --> CAPEC-560 Use of Known Domain Credentials
CanPrecede   --> CAPEC-600 Credential Stuffing
CanPrecede   --> CAPEC-653 Use of Known Windows Credentials
CAPEC-50 Password Recovery Exploitation
CanPrecede   --> CAPEC-151 Identity Spoofing
CanPrecede   --> CAPEC-560 Use of Known Domain Credentials
CanPrecede   --> CAPEC-600 Credential Stuffing
CanPrecede   --> CAPEC-653 Use of Known Windows Credentials
CAPEC-55 Rainbow Table Password Cracking
CanPrecede   --> CAPEC-151 Identity Spoofing
CanPrecede   --> CAPEC-560 Use of Known Domain Credentials
CanPrecede   --> CAPEC-600 Credential Stuffing
CanPrecede   --> CAPEC-653 Use of Known Windows Credentials
CAPEC-70 Try Common or Default Usernames and Passwords
CanPrecede   --> CAPEC-151 Identity Spoofing
CanPrecede   --> CAPEC-560 Use of Known Domain Credentials
CanPrecede   --> CAPEC-600 Credential Stuffing
CanPrecede   --> CAPEC-653 Use of Known Windows Credentials
CAPEC-85 AJAX Fingerprinting
CanPrecede   --> CAPEC-63 Cross-Site Scripting (XSS)
CAPEC-110 SQL Injection through SOAP Parameter Tampering
CanFollow   --> CAPEC-279 SOAP Manipulation
CAPEC-225 Subvert Access Control
Has Member   --> CAPEC-560 Use of Known Domain Credentials
CAPEC-228 DTD Injection
CanFollow   --> CAPEC-279 SOAP Manipulation
CAPEC-508 Shoulder Surfing
CanPrecede   --> CAPEC-560 Use of Known Domain Credentials
Has Child   --> CAPEC-651 Eavesdropping
CAPEC-509 Kerberoasting
CanPrecede   --> CAPEC-151 Identity Spoofing
Has Child   --> CAPEC-652 Use of Known Kerberos Credentials
CAPEC-513 Software
Has Member   --> CAPEC-560 Use of Known Domain Credentials
CAPEC-514 Physical Security
Has Member   --> CAPEC-117 Interception
CAPEC-515 Hardware
Has Member   --> CAPEC-26 Leveraging Race Conditions
Has Member   --> CAPEC-74 Manipulating State
Has Member   --> CAPEC-113 API Manipulation
Has Member   --> CAPEC-114 Authentication Abuse
Has Member   --> CAPEC-116 Excavation
Has Member   --> CAPEC-122 Privilege Abuse
Has Member   --> CAPEC-124 Shared Resource Manipulation
Has Member   --> CAPEC-161 Infrastructure Manipulation
Has Member   --> CAPEC-176 Configuration/Environment Manipulation
Has Member   --> CAPEC-188 Reverse Engineering
Has Member   --> CAPEC-192 Protocol Analysis
Has Member   --> CAPEC-212 Functionality Misuse
Has Member   --> CAPEC-233 Privilege Escalation
Has Member   --> CAPEC-439 Manipulation During Distribution
Has Member   --> CAPEC-560 Use of Known Domain Credentials
CAPEC-555 Remote Services with Stolen Credentials
CanPrecede   --> CAPEC-151 Identity Spoofing
CAPEC-560 Use of Known Domain Credentials
CanPrecede   --> CAPEC-151 Identity Spoofing
CAPEC-561 Windows Admin Shares with Stolen Credentials
CanFollow   --> CAPEC-16 Dictionary-based Password Attack
CanFollow   --> CAPEC-49 Password Brute Forcing
CanFollow   --> CAPEC-50 Password Recovery Exploitation
CanFollow   --> CAPEC-55 Rainbow Table Password Cracking
CanFollow   --> CAPEC-70 Try Common or Default Usernames and Passwords
CanPrecede   --> CAPEC-151 Identity Spoofing
CanPrecede   --> CAPEC-165 File Manipulation
CanPrecede   --> CAPEC-545 Pull Data from System Resources
CanPrecede   --> CAPEC-549 Local Execution of Code
CanFollow   --> CAPEC-565 Password Spraying
CanFollow   --> CAPEC-568 Capture Credentials via Keylogger
Has Child   --> CAPEC-653 Use of Known Windows Credentials
CAPEC-565 Password Spraying
Has Child   --> CAPEC-49 Password Brute Forcing
CanPrecede   --> CAPEC-151 Identity Spoofing
CanPrecede   --> CAPEC-560 Use of Known Domain Credentials
CanPrecede   --> CAPEC-600 Credential Stuffing
CanPrecede   --> CAPEC-653 Use of Known Windows Credentials
CAPEC-568 Capture Credentials via Keylogger
CanPrecede   --> CAPEC-151 Identity Spoofing
CanPrecede   --> CAPEC-560 Use of Known Domain Credentials
CanPrecede   --> CAPEC-600 Credential Stuffing
CanPrecede   --> CAPEC-653 Use of Known Windows Credentials
CAPEC-600 Credential Stuffing
CanPrecede   --> CAPEC-151 Identity Spoofing
Has Child   --> CAPEC-560 Use of Known Domain Credentials
CanPrecede   --> CAPEC-653 Use of Known Windows Credentials
CAPEC-644 Use of Captured Hashes (Pass The Hash)
CanPrecede   --> CAPEC-151 Identity Spoofing
CanPrecede   --> CAPEC-165 File Manipulation
CanPrecede   --> CAPEC-545 Pull Data from System Resources
CanPrecede   --> CAPEC-549 Local Execution of Code
Has Child   --> CAPEC-653 Use of Known Windows Credentials
CAPEC-645 Use of Captured Tickets (Pass The Ticket)
CanPrecede   --> CAPEC-151 Identity Spoofing
Has Child   --> CAPEC-652 Use of Known Kerberos Credentials
CAPEC-652 Use of Known Kerberos Credentials
CanPrecede   --> CAPEC-151 Identity Spoofing
CanFollow   --> CAPEC-157 Sniffing Attacks
Has Child   --> CAPEC-560 Use of Known Domain Credentials
CAPEC-653 Use of Known Windows Credentials
CanPrecede   --> CAPEC-151 Identity Spoofing
Has Child   --> CAPEC-560 Use of Known Domain Credentials
CAPEC-654 Credential Prompt Impersonation
Has Child   --> CAPEC-504 Task Impersonation
CAPEC-655 Avoid Security Tool Identification by Adding Data
Has Child   --> CAPEC-572 Artificially Inflate File Sizes

CAPEC --> CAPEC Mappings Removed
CAPEC-110 SQL Injection through SOAP Parameter Tampering
CanFollow   --> CAPEC-280 DEPRECATED: SOAP Parameter Tampering
CAPEC-228 DTD Injection
CanFollow   --> CAPEC-280 DEPRECATED: SOAP Parameter Tampering
CAPEC-467 Cross Site Identification
Has Child   --> CAPEC-408 DEPRECATED: Information Gathering from Traditional Sources
CAPEC-509 Kerberoasting
Has Child   --> CAPEC-560 Use of Known Domain Credentials
CAPEC-560 Use of Known Domain Credentials
Has Child   --> CAPEC-21 Exploitation of Trusted Identifiers
CAPEC-561 Windows Admin Shares with Stolen Credentials
Has Child   --> CAPEC-560 Use of Known Domain Credentials
CAPEC-644 Use of Captured Hashes (Pass The Hash)
Has Child   --> CAPEC-560 Use of Known Domain Credentials
CAPEC-645 Use of Captured Tickets (Pass The Ticket)
Has Child   --> CAPEC-560 Use of Known Domain Credentials
Back to top
More information is available — Please select a different filter.
Page Last Updated or Reviewed: July 30, 2020
 

Use of the Common Attack Pattern Enumeration and Classification (CAPEC), and the associated references from this website are subject to the Terms of Use. Copyright © 2007–2025, The MITRE Corporation. CAPEC and the CAPEC logo are trademarks of The MITRE Corporation.