Dark Mode

Settings

Capec-546 Detail

Incomplete Data Deletion in a Multi-Tenant Environment

Detailed Software Hardware Likelihood: Low Typical Severity: Medium

Parents: 545

Threats: T258 T291 T302

Description

An adversary obtains unauthorized information due to insecure or incomplete data deletion in a multi-tenant environment. If a cloud provider fails to completely delete storage and data from former cloud tenants' systems/resources, once these resources are allocated to new, potentially malicious tenants, the latter can probe the provided resources for sensitive information still there.

Not present

External ID Source Link Description
CAPEC-546 capec https://capec.mitre.org/data/definitions/546.html
CWE-284 cwe http://cwe.mitre.org/data/definitions/284.html
CWE-1266 cwe http://cwe.mitre.org/data/definitions/1266.html
CWE-1272 cwe http://cwe.mitre.org/data/definitions/1272.html
REF-461 reference_from_CAPEC https://nms.kcl.ac.uk/jose.such/pubs/Assured_deletion.pdf Kopo M. Ramokapane, Awais Rashid, Jose M. Such, Assured Deletion in the Cloud: Requirements, Challenges and Future Directions, Association for Computing Machinery (ACM), Proceedings of the 2016 ACM on Cloud Computing Security Workshop

Not present

  1. The cloud provider must not assuredly delete part or all of the sensitive data for which they are responsible.The adversary must have the ability to interact with the system.

Not present

Low
The adversary requires the ability to traverse directory structure.
Confidentiality
Read Data (A successful attack that probes application memory will compromise the confidentiality of that data.)

Not present

We use cookies to ensure you get the best experience on our website.