CAPEC-37: Retrieve Embedded Sensitive Data

An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack.

Very High

Typical severity

Per MITRE

High

Likelihood of attack

Per MITRE

Related weaknesses

CWEs this targets

Detailed

Abstraction

MITRE classification

Overview

CAPEC-37 (Retrieve Embedded Sensitive Data) is a detailed-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.

CAPEC-37: Retrieve Embedded Sensitive Data

Overview

How the attack works

What the attacker needs

Prerequisites

Skills required

Resources required

Consequences

Examples

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CAPEC-37?

How does a Retrieve Embedded Sensitive Data attack work?

What weaknesses does CAPEC-37 target?

How severe is CAPEC-37?

References

Defend against CAPEC-37

Overview

How the attack works

What the attacker needs

Prerequisites

Skills required

Resources required

Consequences

Examples

Related weaknesses

Related attack patterns

Parent

Related

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CAPEC-37?

How does a Retrieve Embedded Sensitive Data attack work?

What weaknesses does CAPEC-37 target?

How severe is CAPEC-37?

References

Defend against CAPEC-37