CAPEC-675: Retrieve Data from Decommissioned Devices
ID
CAPEC-675
Typical Severity
Medium
Likelihood Of Attack
Medium
Status
Stable
An adversary obtains decommissioned, recycled, or discarded systems and devices that can include an organization’s intellectual property, employee data, and other types of controlled information. Systems and devices that have reached the end of their lifecycles may be subject to recycle or disposal where they can be exposed to adversarial attempts to retrieve information from internal memory chips and storage devices that are part of the system.
Weaknesses
| # ID | Name | Type |
|---|---|---|
| CWE-1266 | Improper Scrubbing of Sensitive Data from Decommissioned Device | weakness |
Taxonomiy Mapping
| Type | # ID | Name |
|---|---|---|
| ATTACK | 1052 | Exfiltration Over Physical Medium |