CAPEC-694: System Location Discovery
Description
Extended Description
Many open-source software packages are hosted via third-party package managers (e.g., Node Package Manager, PyPi, Yarn, etc.) that allow for easy integration of software components into existing development environments. A package manager will typically include various metadata about the software and often include a link to the package's source code repository, to assist developers in determining the trustworthiness of the software. One common statistic used in this decision-making process is the popularity of the package. This entails checking the amount of "Stars" the package has received, which the package manager displays based on the provided source code repository URL. However, many package managers do not validate the connection between the package and source code repository being provided. Adversaries can thus spoof the popularity statistic of a malicious package by associating a popular source code repository URL with the package. This can ultimately trick developers into unintentionally incorporating the malicious package into their development environment.
Severity :
Very Low
Possibility :
High
Type :
Standard
Relationships with other CAPECs
This table shows the other attack patterns and high level categories that are related to this attack pattern.
Prerequisites
This table shows the other attack patterns and high level categories that are related to this attack pattern.
- The adversary must have some level of access to the system and have a basic understanding of the operating system in order to query the appropriate sources for relevant information.
Skills required
This table shows the other attack patterns and high level categories that are related to this attack pattern.
- Low The adversary must know how to query various system sources of information respective of the system's operating system to obtain the relevant information.
Taxonomy mappings
Mappings to ATT&CK, OWASP and other frameworks.
Resources required
The adversary requires access to the target's operating system tools to query relevant system information. On windows, registry queries can be conducted with powershell, wmi, or regedit. On Linux or macOS, queries can be performed with through a shell.
Related CWE
A Related Weakness relationship associates a weakness with this attack pattern. Each association implies a weakness that must exist for a given attack to be successful.
Visit http://capec.mitre.org/ for more details.