Standard attack pattern
Draft
CAPEC-497: File Discovery
An adversary engages in probing and exploration activities to determine if common key files exists. Such files often contain configuration and security parameters of the targeted application, system or network. Using this knowledge may often pave the way for more damaging attacks.
Last updated
Very Low
Typical severity
Per MITRE
High
Likelihood of attack
Per MITRE
1
Related weaknesses
CWEs this targets
Standard
Abstraction
MITRE classification
Overview
CAPEC-497 (File Discovery) is a standard-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
What the attacker needs
Prerequisites
- The adversary must know the location of these common key files.
Consequences
What a successful CAPEC-497 attack can achieve.
Read Data
Affects: Confidentiality
How to mitigate it
Defenses that reduce the risk of CAPEC-497.
- Leverage file protection mechanisms to render these files accessible only to authorized parties.