CAPEC-142: DNS Cache Poisoning
ID
CAPEC-142
Typical Severity
High
Likelihood Of Attack
High
Status
Draft
A domain name server translates a domain name (such as www.example.com) into an IP address that Internet hosts use to contact Internet resources. An adversary modifies a public DNS cache to cause certain names to resolve to incorrect addresses that the adversary specifies. The result is that client applications that rely upon the targeted cache for domain name resolution will be directed not to the actual address of the specified domain name but to some other address. Adversaries can use this to herd clients to sites that install malware on the victim's computer or to masquerade as part of a Pharming attack.
Weaknesses
| # ID | Name | Type |
|---|---|---|
| CWE-345 | Insufficient Verification of Data Authenticity | weakness |
| CWE-346 | Origin Validation Error | weakness |
| CWE-348 | Use of Less Trusted Source | weakness |
| CWE-349 | Acceptance of Extraneous Untrusted Data With Trusted Data | weakness |
| CWE-350 | Reliance on Reverse DNS Resolution for a Security-Critical Action | weakness |
Taxonomiy Mapping
| Type | # ID | Name |
|---|---|---|
| ATTACK | 1584.002 | Compromise Infrastructure: DNS Server |