CAPEC Details
Name Lifting Sensitive Data Embedded in Cache
Likelyhood of attack Typical severity
High Medium
Summary An adversary examines a target application's cache, or a browser cache, for sensitive information. Many applications that communicate with remote entities or which perform intensive calculations utilize caches to improve efficiency. However, if the application computes or receives sensitive information and the cache is not appropriately protected, an attacker can browse the cache and retrieve this information. This can result in the disclosure of sensitive information.
Prerequisites The target application must store sensitive information in a cache. The cache must be inadequately protected against attacker access.
Execution Flow
Step Phase Description Techniques
1 Explore [Identify Application Cache] An adversary first identifies an application that utilizes a cache. This could either be a web application storing data in a browser cache, or an application running on a separate machine. The adversary examines the cache to determine file permissions and possible encryption.
  • Use probing tools to look for application cache files on a machine.
  • Use a web application and determine if any sensitive information is stored in browser cache.
2 Experiment [Attempt to Access Cache] Once the cache has been discovered, the adversary attempts to access the cached data. This often requires previous access to a machine hosting the target application.
  • Use priviledge escalation to access cache files that might have strict privileges.
  • If the application cache is encrypted with weak encryption, attempt to understand the encryption technique and break the encryption.
3 Exploit [Lift Sensitive Data from Cache] After gaining access to cached data, an adversary looks for potentially sensitive information and stores it for malicious use. This sensitive data could possibly be used in follow-up attacks related to authentication or authorization.
  • Using a public computer, or gaining access to a victim's computer, examine browser cache to look for sensitive data left over from previous sessions.
Solutions
Related Weaknesses
CWE ID Description
CWE-311 Missing Encryption of Sensitive Data
CWE-524 Use of Cache Containing Sensitive Information
CWE-1239 Improper Zeroization of Hardware Register
CWE-1258 Exposure of Sensitive System Information Due to Uncleared Debug Information
Related CAPECS
CAPEC ID Description
CAPEC-167 An attacker discovers the structure, function, and composition of a type of computer software through white box analysis techniques. White box techniques involve methods which can be applied to a piece of software when an executable or some other compiled object can be directly subjected to analysis, revealing at least a portion of its machine instructions that can be observed upon execution.
CAPEC-560 An adversary guesses or obtains (i.e. steals or purchases) legitimate credentials (e.g. userID/password) to achieve authentication and to perform authorized actions under the guise of an authenticated user or service.
Taxonomy: ATTACK
Entry ID Entry Name
1005 Data from Local System