1. Home
  2. CAPEC
  3. CAPEC-639

CAPEC-639: Probe System Files

ID CAPEC-639
Typical Severity Medium
Status Stable

An adversary obtains unauthorized information due to improperly protected files. If an application stores sensitive information in a file that is not protected by proper access control, then an adversary can access the file and search for sensitive information.

https://capec.mitre.org/data/definitions/639.html

Weaknesses

# ID Name Type
CWE-552 Files or Directories Accessible to External Parties weakness

Taxonomiy Mapping

Type # ID Name
ATTACK 1039 Data from Network Shared Drive
ATTACK 1552.001 Unsecured Credentials: Credentials in Files
ATTACK 1552.003 Unsecured Credentials: Bash History
ATTACK 1552.004 Unsecured Credentials: Private Keys
ATTACK 1552.006 Unsecured Credentials: Group Policy Preferences