Dark Mode
Capec-149 Detail
Explore for Predictable Temporary File Names
Detailed Software Typical Severity: Medium
Parents: 497
Threats: T60 T65 T80 T258 T288 T291 T302 T334 T392 T407
An attacker explores a target to identify the names and locations of predictable temporary files for the purpose of launching further attacks against the target. This involves analyzing naming conventions and storage locations of the temporary files created by a target application. If an attacker can predict the names of temporary files they can use this information to mount other attacks, such as information gathering and symlink attacks.
Not present
| External ID | Source | Link | Description |
|---|---|---|---|
| CAPEC-149 | capec | https://capec.mitre.org/data/definitions/149.html | |
| CWE-377 | cwe | http://cwe.mitre.org/data/definitions/377.html |
Not present
- The targeted application must create names for temporary files using a predictable procedure, e.g. using sequentially increasing numbers.
- The attacker must be able to see the names of the files the target is creating.
- None: No specialized resources are required to execute this type of attack.
Not present
Not present
Not present