CAPEC-121: Exploit Non-Production Interfaces
An adversary exploits a sample, demonstration, test, or debug interface that is unintentionally enabled on a production system, with the goal of gleaning information or leveraging functionality that would otherwise be unavailable.
Last updated
Overview
Non-production interfaces are insecure by default and should not be resident on production systems, since they may reveal sensitive information or functionality that should not be known to end-users. However, such interfaces may be unintentionally left enabled on a production system due to configuration errors, supply chain mismanagement, or other pre-deployment activities. Ultimately, failure to properly disable non-production interfaces, in a production environment, may expose a great deal of diagnostic information or functionality to an adversary, which can be utilized to further refine their attack. Moreover, many non-production interfaces do not have adequate security controls or may not have undergone rigorous testing since they were not intended for use in production environments. As such, they may contain many flaws and vulnerabilities that could allow an adversary to severely disrupt a target.
How the attack works
The phases an attacker typically follows to carry out this attack.
- Step 1Explore
[Determine Vulnerable Interface] An adversary explores a target system for sample or test interfaces that have not been disabled by a system administrator and which may be exploitable by the adversary.
- If needed, the adversary explores an organization's network to determine if any specific systems of interest exist.
- Step 2Exploit
[Leverage Test Interface to Execute Attacks] Once an adversary has discovered a system with a non-production interface, the interface is leveraged to exploit the system and/or conduct various attacks.
- The adversary can leverage the sample or test interface to conduct several types of attacks such as Adversary-in-the-Middle attacks (CAPEC-94), keylogging, Cross Site Scripting (XSS), hardware manipulation attacks, and more.
What the attacker needs
Prerequisites
- The target must have configured non-production interfaces and failed to secure or remove them when brought into a production environment.
Skills required
- High skill: Exploiting non-production interfaces requires significant skill and knowledge about the potential non-production interfaces left enabled in production.
Resources required
- For some interfaces, the adversary will need that appropriate client application or hardware that interfaces with the interface. Other non-production interfaces can be executed using simple tools, such as web browsers or console windows. In some cases, an adversary may need to be able to authenticate to the target before it can access the vulnerable interface.
Consequences
What a successful CAPEC-121 attack can achieve.
Gain Privileges, Bypass Protection Mechanism
Affects: Confidentiality, Access Control, Authentication
Read Data, Execute Unauthorized Commands
Affects: Confidentiality, Access Control, Authorization
Modify Data, Alter Execution Logic
Affects: Access Control, Integrity
How to mitigate it
Defenses that reduce the risk of CAPEC-121.
- Ensure that production systems do not contain non-production interfaces and that these interfaces are only used in development environments.
Examples
Some software applications include application programming interfaces (APIs) that are intended to allow an administrator to test and refine their domain. These APIs are typically disabled once a system enters a production environment, but may be left in an insecure state due to a configuration error or mismanagement.
Many hardware systems leverage bits typically reserved for future functionality for testing and debugging purposes. If these reserved bits remain enabled in a production environment, it could allow an adversary to induce unwanted/unsupported behavior in the hardware.
Frequently asked questions
Common questions about CAPEC-121.
- What is CAPEC-121?
- An adversary exploits a sample, demonstration, test, or debug interface that is unintentionally enabled on a production system, with the goal of gleaning information or leveraging functionality that would otherwise be unavailable.
- How does a Exploit Non-Production Interfaces attack work?
- It typically unfolds over 2 phases. It begins with: [Determine Vulnerable Interface] An adversary explores a target system for sample or test interfaces that have not been disabled by a system administrator and which may be exploitable by the adversary.
- How do you prevent CAPEC-121?
- Ensure that production systems do not contain non-production interfaces and that these interfaces are only used in development environments.
- What weaknesses does CAPEC-121 target?
- CAPEC-121 exploits 10 CWE weaknesses, including CWE-489 (Active Debug Code), CWE-1209 (Failure to Disable Reserved Bits), CWE-1259 (Improper Restriction of Security Token Assignment), CWE-1267 (Policy Uses Obsolete Encoding).
- How severe is CAPEC-121?
- MITRE rates CAPEC-121 as High severity with low likelihood of attack.
References
Attack-pattern data is sourced from the MITRE CAPEC catalog (v3.9). Weakness associations link to the corresponding CWE entries on RadicalNotion.AI.
Defend against CAPEC-121
Track the CVEs and weaknesses attackers exploit with this technique, with AI-written analysis and remediation guidance.