CAPEC-546: Incomplete Data Deletion in a Multi-Tenant Environment
ID
CAPEC-546
Typical Severity
Medium
Likelihood Of Attack
Low
Status
Draft
An adversary obtains unauthorized information due to insecure or incomplete data deletion in a multi-tenant environment. If a cloud provider fails to completely delete storage and data from former cloud tenants' systems/resources, once these resources are allocated to new, potentially malicious tenants, the latter can probe the provided resources for sensitive information still there.