CAPEC-75

Standard Abstraction Level
Meta — Very abstract, high-level category
Standard — Specific enough to understand
Detailed — Tied to specific technique
Draft MITRE CAPEC Status
Stable — Fully reviewed and complete
Draft — Under development
Incomplete — Partially defined
Deprecated — No longer recommended
Obsolete — Replaced by another CAPEC
Likelihood: High Severity: Very High
Manipulating Writeable Configuration Files

Description

Generally these are manually edited files that are not in the preview of the system administrators, any ability on the attackers' behalf to modify these files, for example in a CVS repository, gives unauthorized access directly to the application, the same as authorized users.

Prerequisites

Configuration files must be modifiable by the attacker

Mitigations

Design: Enforce principle of least privilege

Design: Backup copies of all configuration files

Implementation: Integrity monitoring for configuration files

Implementation: Enforce audit logging on code and configuration promotion procedures.

Implementation: Load configuration from separate process and memory space, for example a separate physical device like a CD

Skills Required

[Medium] To identify vulnerable configuration files, and understand how to manipulate servers and erase forensic evidence