
CAPEC-36: Using Unpublished Interfaces or Functionality

Abstraction: Standard
Status: Draft
Likelihood: Medium
Severity: High

Description

An adversary searches for and invokes interfaces or functionality that the target system's designers did not intend to be publicly available. If such interfaces fail to authenticate requests, the adversary may be able to invoke functionality they are not authorized for. Metadata: standard CAPEC pattern, status draft, likelihood medium, severity high. Underlying weaknesses: CWE-306, CWE-693, CWE-695, CWE-1242. Parent CAPEC pattern: CAPEC-113.

Related weaknesses (4)

CWE-306, CWE-693, CWE-695, CWE-1242

Related attack patterns (1)

CAPEC-113 (ChildOf)

Exploits (4)

Type      Target                                                      Confidence  Tier
Weakness  Missing Authentication for Critical Function (CWE-306)      100%        live
Weakness  Inclusion of Undocumented Features or Chicken Bits (CWE-1242)  100%     live
Weakness  Use of Low-Level Functionality (CWE-695)                    100%        live
Weakness  Protection Mechanism Failure (CWE-693)                      100%        live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Exploit Non-Production Interfaces
CAPEC: Detect Unpublicized Web Services
CAPEC: Functionality Bypass
CAPEC: Accessing Functionality Not Properly Constrained by ACLs
CAPEC: Detect Unpublicized Web Pages
CAPEC: Interface Manipulation

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.