Detailedlikelihood: Mediumseverity: MediumDraft

CAPEC-155Screen Temporary Files for Sensitive Information

Abstraction
Detailed
Status
Draft
Likelihood
Medium
Severity
Medium

Description

An adversary exploits the temporary, insecure storage of information by monitoring the content of files used to store temp data during an application's routine execution flow. Many applications use temporary files to accelerate processing or to provide records of state across multiple executions of the application. Sometimes, however, these temporary files may end up storing sensitive information. By screening an application's temporary files, an adversary might be able to discover such sensitive information. For example, web browsers often cache content to accelerate subsequent lookups. If the content contains sensitive information then the adversary could recover this from the web cache.

Related weaknesses· 1

CWE-377

Related attack patterns· 1

CAPEC-150 (ChildOf)

Exploits1

TypeTargetConfidenceTier
WeaknessInsecure Temporary Filecwe-377100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
Explore for Predictable Temporary File Names
CAPEC
Lifting Sensitive Data Embedded in Cache
CAPEC
Hiding Malicious Data or Code within Files
CAPEC
Probe System Files
CWE
Insecure Temporary File
CAPEC
File Manipulation
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.