Detailedseverity: MediumDraft

CAPEC-204Lifting Sensitive Data Embedded in Cache

Abstraction
Detailed
Status
Draft
Severity
Medium

Description

An adversary examines a target application's cache, or a browser cache, for sensitive information. Many applications that communicate with remote entities or which perform intensive calculations utilize caches to improve efficiency. However, if the application computes or receives sensitive information and the cache is not appropriately protected, an attacker can browse the cache and retrieve this information. This can result in the disclosure of sensitive information.

Related weaknesses· 4

CWE-524CWE-311CWE-1239CWE-1258

MITRE ATT&CK crosswalk· 1

T1005: Data from Local System

Related attack patterns· 2

CAPEC-167 (ChildOf)CAPEC-560 (CanPrecede)

Exploits4

TypeTargetConfidenceTier
WeaknessImproper Zeroization of Hardware Registercwe-1239100%live
WeaknessMissing Encryption of Sensitive Datacwe-311100%live
WeaknessExposure of Sensitive System Information Due to Uncleared Debug Informationcwe-1258100%live
WeaknessUse of Cache Containing Sensitive Informationcwe-524100%live

Related to1

TypeTargetConfidenceTier
TechniqueData from Local Systemt1005100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
Screen Temporary Files for Sensitive Information
CAPEC
Cache Poisoning
CAPEC
Retrieve Embedded Sensitive Data
CAPEC
DEPRECATED: Lifting credential(s)/key material embedded in client distributions (thick or thin)
CWE
Use of Cache Containing Sensitive Information
CAPEC
Collect Data from Clipboard
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.