
CAPEC-508: Shoulder Surfing

Abstraction: Detailed
Status: Draft
Likelihood: High
Severity: High

Description

In a shoulder surfing attack, an adversary observes an unaware individual's keystrokes, screen content, or conversations with the goal of obtaining sensitive information. One motive for this attack is to obtain sensitive information about the target for financial, personal, political, or other gains. From an insider threat perspective, an additional motive could be to obtain system/application credentials or cryptographic keys. Shoulder surfing attacks are accomplished by observing the content "over the victim's shoulder", as implied by the name of this attack.

Related weaknesses · 2

CWE-200, CWE-359

Related attack patterns · 2

CAPEC-651 (ChildOf), CAPEC-560 (CanPrecede)

Exploits · 2

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Exposure of Sensitive Information to an Unauthorized Actor (cwe-200) | 100% | live |
| Weakness | Exposure of Private Personal Information to an Unauthorized Actor (cwe-359) | 100% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Session Sidejacking
CAPEC: Eavesdropping
CAPEC: Reflected XSS
CAPEC: Session Credential Falsification through Manipulation
CAPEC: Privilege Abuse
CAPEC: Sniffing Network Traffic

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.