CAPEC-268: Audit Log Manipulation
The attacker injects, manipulates, deletes, or forges malicious log entries into the log file, in an attempt to mislead an audit of the log file or cover tracks of an attack. Due to either insufficient access controls of the log files or the logging mechanism, the attacker is able to perform such actions.
Last updated
Overview
CAPEC-268 (Audit Log Manipulation) is a standard-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
What the attacker needs
Prerequisites
- The target host is logging the action and data of the user.
- The target host insufficiently protects access to the logs or logging mechanisms.
Resources required
- The attacker must understand how the logging mechanism works. Optionally, the attacker must know the location and the format of individual entries of the log files.
Terminology & mappings
Mapped taxonomies
- ATTACK: Indicator Removal on Host (1070)
- ATTACK: Impair Defenses: Disable Windows Event Logging (1562.002)
- ATTACK: Impair Defenses: Impair Command History Logging (1562.003)
- ATTACK: Impair Defenses: Disable Cloud Logs (1562.008)
- OWASP Attacks: Log Injection
Frequently asked questions
Common questions about CAPEC-268.
- What is CAPEC-268?
- The attacker injects, manipulates, deletes, or forges malicious log entries into the log file, in an attempt to mislead an audit of the log file or cover tracks of an attack. Due to either insufficient access controls of the log files or the logging mechanism, the attacker is able to perform such actions.
- What weaknesses does CAPEC-268 target?
- CAPEC-268 exploits 1 CWE weakness, including CWE-117 (Improper Output Neutralization for Logs).
References
Attack-pattern data is sourced from the MITRE CAPEC catalog (v3.9). Weakness associations link to the corresponding CWE entries on RadicalNotion.AI.
Defend against CAPEC-268
Track the CVEs and weaknesses attackers exploit with this technique, with AI-written analysis and remediation guidance.