CAPEC-184: Software Integrity Attack

Description
An attacker initiates a series of events designed to cause a user, program, server, or device to perform actions which undermine the integrity of software code, device data structures, or device firmware, achieving the modification of the target's integrity to achieve an insecure state.
Extended Description

Most commonly, attackers would take advantage of controls that provided too little protection for sensitive activities in order to perform actions that should be denied to them. In some circumstances, an attacker may be able to take advantage of overly restrictive access control policies, initiating denial of services (if an application locks because it unexpectedly failed to be granted access) or causing other legitimate actions to fail due to security. The latter class of attacks, however, is usually less severe and easier to detect than attacks based on inadequate security restrictions. This attack pattern differs from CAPEC 1, "Accessing Functionality Not Properly Constrained by ACLs" in that the latter describes attacks where sensitive functionality lacks access controls, where, in this pattern, the access control is present, but incorrectly configured.

Severity :

Low

Possibility :

Type :

Meta
Relationships with other CAPECs

This table shows the other attack patterns and high level categories that are related to this attack pattern.

CAPEC-185: Malicious Software Download Malicious Software Download CAPEC-186: Malicious Software Update Malicious Software Update CAPEC-663: Exploitation of Transient Instruction Execution Exploitation of Transient Instruction Execution CAPEC-669: Alteration of a Software Update Alteration of a Software Update CAPEC-691: Spoof Open-Source Software Metadata Spoof Open-Source Software Metadata
Skills required

This table shows the other attack patterns and high level categories that are related to this attack pattern.

  • Medium Manual or user-assisted attacks require deceptive mechanisms to trick the user into clicking a link or downloading and installing software. Automated update attacks require the attacker to host a payload and then trigger the installation of the payload code.
Taxonomy mappings

Mappings to ATT&CK, OWASP and other frameworks.

Resources required

Software Integrity Attacks are usually a late stage focus of attack activity which depends upon the success of a chain of prior events. The resources required to perform the attack vary with respect to the overall attack strategy, existing countermeasures which must be bypassed, and the success of early phase attack vectors.

Related CWE

A Related Weakness relationship associates a weakness with this attack pattern. Each association implies a weakness that must exist for a given attack to be successful.

CWE-494: Download of Code Without Integrity Check

Visit http://capec.mitre.org/ for more details.