CAPEC-167 - Lifting Sensitive Data from the Client

An attacker examines an available client application for the presence of sensitive information. This information may be stored in configuration files, embedded within the application itself, or stored in other ways. Sensitive information may include long-term keys, passwords, credit card or financial information, and other private material that the client uses in its interactions with the server. While servers are (hopefully) protected with professional security administrators, most users may be less skilled at protecting their clients. As a result, the user client may represent a weak link that an attacker can exploit. If an attacker can gain access to a client installation, they may be able to detect and lift sensitive information that could be used directly (such as financial information), or allow the attacker to subvert future communication between the client and the server. In some cases, it may not even be necessary to gain access to another user's installation - if all instances of the client software are embedded with the same sensitive information (for example, long-term keys for communication with the server) then the attacker must simply find a way to gain their own copy of the client in order to perform this attack.


The client application installation must retain sensitive information locally. Moreover, it must fail to adequately protect this information against viewing by an attacker. Encrypting the information would thwart this type of attack, but only if the key used to encrypt this information was not itself locally accessible.
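As an added example (not part of the CAPEC entry), the following Python audit applies the prerequisite above to a client configuration: it flags secret-looking settings stored in plaintext, and settings that are encrypted but whose decryption key is itself shipped inside the install. The key = value format, the `enc:` prefix, and the `<setting>.keyref` convention for declaring where a decryption key lives are assumptions made for this example.

```python
import re

# Setting names that usually hold long-term secrets (constructed list).
SECRET_NAME_RE = re.compile(r"password|passwd|secret|api[_-]?key|token|private[_-]?key", re.I)
# Key references that point back into the client install itself.
LOCAL_KEYREF_RE = re.compile(r"^(file|local):", re.I)

# Constructed client.conf: a "<setting>.keyref" entry says where the decryption key lives.
SAMPLE_CONFIG = """
# client.conf (constructed for this example)
server.url = https://api.example.invalid
db.password = hunter2
api.token = enc:c2VjcmV0
api.token.keyref = file:./keys/api.key
session.secret = enc:YW5vdGhlcg==
session.secret.keyref = os-keystore:client-session
"""

def parse_kv(text):
    """Parse simple key = value lines; '#' starts a comment."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        entries[name.strip()] = value.strip()
    return entries

def audit_config(entries):
    """Return (setting, problem) pairs for secrets recoverable by anyone holding the install."""
    findings = []
    for name, value in entries.items():
        if name.endswith(".keyref") or not SECRET_NAME_RE.search(name):
            continue
        if not value.startswith("enc:"):
            findings.append((name, "stored in plaintext"))
            continue
        keyref = entries.get(name + ".keyref", "")
        if not keyref:
            findings.append((name, "encrypted, but key location not declared"))
        elif LOCAL_KEYREF_RE.match(keyref):
            # Encryption buys nothing if the key ships alongside the ciphertext.
            findings.append((name, "encrypted, but decryption key stored inside the install"))
        # Otherwise the key is held outside the client (e.g. an OS keystore): acceptable.
    return findings

if __name__ == "__main__":
    for setting, problem in audit_config(parse_kv(SAMPLE_CONFIG)):
        print(f"{setting}: {problem}")
```

Only `session.secret` passes, because its key is declared outside the client; the plaintext password and the locally keyed token are exactly the material this pattern lifts.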

Depending on the details of the attack, the attacker may require access to a targeted user's installation of the client. Alternatively, the attacker may need to acquire any instance of the client.