CAPEC-268 - Audit Log Manipulation

The attacker injects, manipulates, deletes, or forges malicious log entries into the log file, in an attempt to mislead an audit of the log file or cover tracks of an attack. Due to either insufficient access controls of the log files or the logging mechanism, the attacker is able to perform such actions.

Severity

Likelihood

Confidentiality

Integrity

Availability

The target host is logging the action and data of the user.

The target host insufficiently protects access to the logs or logging mechanisms.

The attacker must understand how the logging mechanism works.