CAPEC-121: Exploit Non-Production Interfaces

Description

<p>An adversary exploits a sample, demonstration, test, or debug interface that is unintentionally enabled on a production system, with the goal of gleaning information or leveraging functionality that would otherwise be unavailable.<p>

Extended Description

Non-production interfaces are insecure by default and should not be resident on production systems, since they may reveal sensitive information or functionality that should not be known to end-users. However, such interfaces may be unintentionally left enabled on a production system due to configuration errors, supply chain mismanagement, or other pre-deployment activities.

Ultimately, failure to properly disable non-production interfaces, in a production environment, may expose a great deal of diagnostic information or functionality to an adversary, which can be utilized to further refine their attack. Moreover, many non-production interfaces do not have adequate security controls or may not have undergone rigorous testing since they were not intended for use in production environments. As such, they may contain many flaws and vulnerabilities that could allow an adversary to severely disrupt a target.

Severity :

High

Possibility :

Low

Type :

Standard

Relationships with other CAPECs

This table shows the other attack patterns and high level categories that are related to this attack pattern.

CAPEC-113: Interface Manipulation Interface Manipulation CAPEC-661: Root/Jailbreak Detection Evasion via Debugging Root/Jailbreak Detection Evasion via Debugging

Prerequisites

This table shows the other attack patterns and high level categories that are related to this attack pattern.

The target must have configured non-production interfaces and failed to secure or remove them when brought into a production environment.

Skills required

This table shows the other attack patterns and high level categories that are related to this attack pattern.

High Exploiting non-production interfaces requires significant skill and knowledge about the potential non-production interfaces left enabled in production.

Taxonomy mappings

Mappings to ATT&CK, OWASP and other frameworks.

Resources required

For some interfaces, the adversary will need that appropriate client application or hardware that interfaces with the interface. Other non-production interfaces can be executed using simple tools, such as web browsers or console windows. In some cases, an adversary may need to be able to authenticate to the target before it can access the vulnerable interface.

Related CWE

A Related Weakness relationship associates a weakness with this attack pattern. Each association implies a weakness that must exist for a given attack to be successful.

CWE-489: Active Debug Code

CWE-1209: Failure to Disable Reserved Bits

CWE-1259: Improper Restriction of Security Token Assignment

CWE-1267: Policy Uses Obsolete Encoding

CWE-1270: Generation of Incorrect Security Tokens

CWE-1294: Insecure Security Identifier Mechanism

CWE-1295: Debug Messages Revealing Unnecessary Information

CWE-1296: Incorrect Chaining or Granularity of Debug Components

CWE-1302: Missing Security Identifier

CWE-1313: Hardware Allows Activation of Test or Debug Logic at Runtime

Visit http://capec.mitre.org/ for more details.