Detailedseverity: MediumDraft

CAPEC-149Explore for Predictable Temporary File Names

Abstraction
Detailed
Status
Draft
Severity
Medium

Description

An attacker explores a target to identify the names and locations of predictable temporary files for the purpose of launching further attacks against the target. This involves analyzing naming conventions and storage locations of the temporary files created by a target application. If an attacker can predict the names of temporary files they can use this information to mount other attacks, such as information gathering and symlink attacks.

Related weaknesses· 1

CWE-377

Related attack patterns· 2

CAPEC-497 (ChildOf)CAPEC-155 (CanPrecede)

Exploits1

TypeTargetConfidenceTier
WeaknessInsecure Temporary Filecwe-377100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
Screen Temporary Files for Sensitive Information
CAPEC
File Discovery
CAPEC
Identify Shared Files/Directories on System
CAPEC
Collect Data from Common Resource Locations
CAPEC
Create files with the same name as files protected with a higher classification
CAPEC
Directory Indexing
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.