CAPEC-166: Force the System to Reset Values
An attacker forces the target into a previous state in order to leverage potential weaknesses in the target dependent upon a prior configuration or state-dependent factors. Even in cases where an attacker may not be able to directly control the configuration of the targeted application, they may be able to reset the configuration to a prior state since many applications implement reset functions.
Last updated
Overview
Since these functions are usually intended as emergency features to return an application to a stable configuration if the current configuration degrades functionality, they may not be as strongly secured as other configuration options. The resetting of values is dangerous as it may enable undesired functionality, disable services, or modify access controls. At the very least this is a nuisance attack since the administrator will need to re-apply their configuration. At worst, this attack can open avenues for powerful attacks against the application, and, if it isn't obvious that the configuration has been reset, these vulnerabilities may be present a long time before they are notices.
What the attacker needs
Prerequisites
- The targeted application must have a reset function that returns the configuration of the application to an earlier state.
- The reset functionality must be inadequately protected against use.
Resources required
- None: No specialized resources are required to execute this type of attack. In some cases, the attacker may need special client applications in order to execute the reset functionality.
Frequently asked questions
Common questions about CAPEC-166.
- What is CAPEC-166?
- An attacker forces the target into a previous state in order to leverage potential weaknesses in the target dependent upon a prior configuration or state-dependent factors. Even in cases where an attacker may not be able to directly control the configuration of the targeted application, they may be able to reset the configuration to a prior state since many applications implement reset functions.
- What weaknesses does CAPEC-166 target?
- CAPEC-166 exploits 3 CWE weaknesses, including CWE-306 (Missing Authentication for Critical Function), CWE-1221 (Incorrect Register Defaults or Module Parameters), CWE-1232 (Improper Lock Behavior After Power State Transition).
- How severe is CAPEC-166?
- MITRE rates CAPEC-166 as Medium severity.
References
Attack-pattern data is sourced from the MITRE CAPEC catalog (v3.9). Weakness associations link to the corresponding CWE entries on RadicalNotion.AI.
Defend against CAPEC-166
Track the CVEs and weaknesses attackers exploit with this technique, with AI-written analysis and remediation guidance.