CAPEC Details
Name Establish Rogue Location
Likelyhood of attack Typical severity
Medium Medium
Summary An adversary provides a malicious version of a resource at a location that is similar to the expected location of a legitimate resource. After establishing the rogue location, the adversary waits for a victim to visit the location and access the malicious resource.
Prerequisites A resource is expected to available to the user.
Solutions
Related Weaknesses
CWE ID Description
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Related CAPECS
CAPEC ID Description
CAPEC-154 An adversary deceives an application or user and convinces them to request a resource from an unintended location. By spoofing the location, the adversary can cause an alternate resource to be used, often one that the adversary controls and can be used to help them achieve their malicious goals.
CAPEC-691 An adversary spoofs open-source software metadata in an attempt to masquerade malicious software as popular, maintained, and trusted.
Taxonomy: ATTACK
Entry ID Entry Name
1036.005 Masquerading: Match Legitimate Name or Location