An adversary leverages a legitimate capability of an application in such a way as to achieve a negative technical impact. The system functionality is not altered or modified but used in a way that was not intended. This is often accomplished through the overuse of a specific functionality or by leveraging functionality with design flaws that enables the adversary to gain access to unauthorized, sensitive data.
|
|
| ID | CAPEC-212 |
| Latest Sync Date | 11/05/25 15:15:38 |
| Original ID | 212 |
| Abstraction | Meta |
| Status | Stable |
| Alternate Terms | |
| Likelihood Of Attack | Medium |
| Typical Severity | Medium |
| Related Attack Patterns | |
| Execution Flow | |
| Prerequisites | ::The adversary has the capability to interact with the application directly.The target system does not adequately implement safeguards to prevent misuse of authorized actions/processes.:: |
| Skills Required | ::SKILL:General computer knowledge about how applications are launched, how they interact with input/output, and how they are configured.:LEVEL:Low:: |
| Resources Required | |
| Indicators | |
| Consequences | ::SCOPE:Confidentiality:TECHNICAL IMPACT:Gain Privileges:NOTE:A successful attack of this kind can compromise the confidentiality of an authorized user's credentials.::SCOPE:Confidentiality:SCOPE:Integrity:SCOPE:Availability:TECHNICAL IMPACT:Other:NOTE:Depending on the adversary's intended technical impact, a successful attack of this kind can compromise any or all elements of the security triad.:: |
| Mitigations | ::Perform comprehensive threat modeling, a process of identifying, evaluating, and mitigating potential threats to the application. This effort can help reveal potentially obscure application functionality that can be manipulated for malicious purposes.::When implementing security features, consider how they can be misused and compromised.:: |
| Example Instances | |
| Related Weaknesses | ::1242::1246::1281:: |
| Taxonomy Mappings | |
| Notes | |