CAPEC-142: DNS Cache Poisoning
Abstraction: Detailed
Status: Draft
Likelihood: High
Severity: High
Description
A domain name server translates a domain name (such as www.example.com) into an IP address that Internet hosts use to contact Internet resources. An adversary modifies a public DNS cache to cause certain names to resolve to incorrect addresses that the adversary specifies. The result is that client applications that rely upon the targeted cache for domain name resolution will be directed not to the actual address of the specified domain name but to some other address. Adversaries can use this to herd clients to sites that install malware on the victim's computer or to masquerade as part of a Pharming attack.
Exploits (5)
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Insufficient Verification of Data Authenticity (CWE-345) | 100% | live |
| Weakness | Origin Validation Error (CWE-346) | 100% | live |
| Weakness | Acceptance of Extraneous Untrusted Data With Trusted Data (CWE-349) | 100% | live |
| Weakness | Use of Less Trusted Source (CWE-348) | 100% | live |
| Weakness | Reliance on Reverse DNS Resolution for a Security-Critical Action (CWE-350) | 100% | live |
Related to (1)
| Type | Target | Confidence | Tier |
|---|---|---|---|
| SubTechnique | DNS Server (T1584.002) | 100% | live |