Explore for predictable temporary file names
Attack Pattern ID: 149 (Standard Attack Pattern Completeness: Stub)Typical Severity: MediumStatus: Draft
+ Description

Summary

An attacker explores a target to identify the names and locations of predictable temporary files for the purpose of launching further attacks against the target. This involves analyzing naming conventions and storage locations of the temporary files created by a target application. If an attacker can predict the names of temporary files they can use this information to mount other attacks, such as information gathering and symlink attacks.

+ Attack Prerequisites

The targeted application must create names for temporary files using a predictable procedure, e.g. using sequentially increasing numbers.

+ Resources Required

The attacker must be able to see the names of the files the target is creating.

+ Related Attack Patterns
NatureTypeIDNameDescriptionView(s) this relationship pertains toView\(s\)
ChildOfAttack PatternAttack Pattern150Common resource location exploration 
Mechanism of Attack (primary)1000
Back to top