CAPEC-75
Description
Generally these are manually edited files that are not in the preview of the system administrators, any ability on the attackers' behalf to modify these files, for example in a CVS repository, gives unauthorized access directly to the application, the same as authorized users.
Prerequisites
Configuration files must be modifiable by the attacker
Mitigations
Design: Enforce principle of least privilege
Design: Backup copies of all configuration files
Implementation: Integrity monitoring for configuration files
Implementation: Enforce audit logging on code and configuration promotion procedures.
Implementation: Load configuration from separate process and memory space, for example a separate physical device like a CD
Skills Required
[Medium] To identify vulnerable configuration files, and understand how to manipulate servers and erase forensic evidence