Incorrect Default Permissions [CWE-276] — The Hacktivists

Table of Contents
1. Description
2. Potential impact
3. Attack patterns
4. Affected software
5. Exploitation Examples
6. Severity and CVSS Scoring

1. Description
………………………………

C:\Users\Administrator>icacls C:
C: PC01\Administrator:(F)
NT AUTHORITY\SYSTEM:(F)
BUILTIN\Administrators:(F)
PC01\Administrator:(OI)(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(F)
BUILTIN\Administrators:(OI)(CI)(IO)(F)
Successfully processed 1 files; Failed processing 0 files

2. Potential impact
………………………………

3. Attack patterns
………………………………

CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs
CAPEC-19: Embedding Scripts within Scripts
CAPEC-81: Web Logs Tampering
CAPEC-127: Directory Indexing
CAPEC-169: Footprinting

4. Affected software
………………………………

5. Exploitation Examples
……………………………………..

6. Severity and CVSS Scoring
……………………………………..

Credits: https://www.immuniweb.com/
