Lifting cached, sensitive data embedded in client distributions (thick or thin) |
Attack Pattern ID: 204 (Standard Attack Pattern Completeness: Stub) | Typical Severity: Medium | Status: Draft |
Lifting cached, sensitive data embedded in client distributions (thick or thin) |
Attack Pattern ID: 204 (Standard Attack Pattern Completeness: Stub) | Typical Severity: Medium | Status: Draft |
Summary
An attacker examines a target application's cache for sensitive information. Many applications that communicate with remote entities or which perform intensive calculations utilize caches to improve efficiency. However, if the application computes or receives sensitive information and the cache is not appropriately protected, an attacker can browse the cache and retrieve this information. This can result in the disclosure of sensitive information.
The target application must store sensitive information in a cache.
The cache must be inadequately protected against attacker access.
The attacker must be able to reach the target application's cache. This may require prior access to the machine on which the target application runs. If the cache is encrypted, the attacker would need sufficient computational resources to crack the encryption. With strong encryption schemes, doing this could be intractable, but weaker encryption schemes could allow an attacker with sufficient resources to read the file.
CWE-ID | Weakness Name | Weakness Relationship Type |
---|---|---|
311 | Missing SecurityDatabase\Encrypt\Encryption of Sensitive Data | Targeted |
Nature | Type | ID | Name | Description | View(s) this relationship pertains to![]() |
---|---|---|---|---|---|
ChildOf | ![]() | 37 | Lifting Data Embedded in Client Distributions | Mechanism of Attack (primary)1000 | |
ParentOf | ![]() | 90 | Reflection Attack in Authentication Protocol | Mechanism of Attack (primary)1000 |
Security-Database help your corporation foresee and avoid any security risks that may impact your IT infrastructure and business applications.