Cache Poisoning
Attack Pattern ID: 141 (Standard Attack Pattern Completeness: Stub)Typical Severity: HighStatus: Draft
+ Description

Summary

An attacker exploits the functionality of cache technologies to cause specific data to be cached that aids the attackers objectives. This describes any attack whereby an attacker places incorrect or harmful material in cache . The targeted cache can be an application's cache (e.g. a web browser cache) or a public cache (e.g. a DNS or ARP cache). Until the cache is refreshed, most applications or clients will treat the corrupted cache value as valid. This can lead to a wide range of exploits including redirecting web browsers towards sites that install malware and repeatedly incorrect calculations based on the incorrect value.

+ Attack Prerequisites

The attacker must be able to modify the value stored in a cache to match a desired value.

The targeted application must not be able to detect the illicit modification of the cache and must trust the cache value in its calculations.

+ Resources Required

No special resources are required beyond the ability to modify the targeted cache.

+ Related Attack Patterns
NatureTypeIDNameDescriptionView(s) this relationship pertains toView\(s\)
ChildOfCategoryCategory210Abuse of Functionality 
Mechanism of Attack (primary)1000
Back to top