CAPEC-149: Explore for Predictable Temporary File Names
An attacker explores a target to identify the names and locations of predictable temporary files for the purpose of launching further attacks against the target. This involves analyzing naming conventions and storage locations of the temporary files created by a target application. If an attacker can predict the names of temporary files they can use this information to mount other attacks, such as information gathering and symlink attacks.
Last updated
Overview
CAPEC-149 (Explore for Predictable Temporary File Names) is a detailed-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
What the attacker needs
Prerequisites
- The targeted application must create names for temporary files using a predictable procedure, e.g. using sequentially increasing numbers.
- The attacker must be able to see the names of the files the target is creating.
Resources required
- None: No specialized resources are required to execute this type of attack.
Frequently asked questions
Common questions about CAPEC-149.
- What is CAPEC-149?
- An attacker explores a target to identify the names and locations of predictable temporary files for the purpose of launching further attacks against the target. This involves analyzing naming conventions and storage locations of the temporary files created by a target application. If an attacker can predict the names of temporary files they can use this information to mount other attacks, such as information gathering and symlink attacks.
- What weaknesses does CAPEC-149 target?
- CAPEC-149 exploits 1 CWE weakness, including CWE-377 (Insecure Temporary File).
- How severe is CAPEC-149?
- MITRE rates CAPEC-149 as Medium severity.
References
Attack-pattern data is sourced from the MITRE CAPEC catalog (v3.9). Weakness associations link to the corresponding CWE entries on RadicalNotion.AI.
Defend against CAPEC-149
Track the CVEs and weaknesses attackers exploit with this technique, with AI-written analysis and remediation guidance.