CAPEC-121

Standard Abstraction Level
Meta — Very abstract, high-level category
Standard — Specific enough to understand
Detailed — Tied to specific technique
Stable MITRE CAPEC Status
Stable — Fully reviewed and complete
Draft — Under development
Incomplete — Partially defined
Deprecated — No longer recommended
Obsolete — Replaced by another CAPEC
Likelihood: Low Severity: High
Exploit Non-Production Interfaces

Description

An adversary exploits a sample, demonstration, test, or debug interface that is unintentionally enabled on a production system, with the goal of gleaning information or leveraging functionality that would otherwise be unavailable.

Prerequisites

The target must have configured non-production interfaces and failed to secure or remove them when brought into a production environment.

Mitigations

Ensure that production systems do not contain non-production interfaces and that these interfaces are only used in development environments.

Skills Required

[High] Exploiting non-production interfaces requires significant skill and knowledge about the potential non-production interfaces left enabled in production.