Name File Discovery
Summary An adversary engages in probing and exploration activities to determine if common key files exists. Such files often contain configuration and security parameters of the targeted application, system or network. Using this knowledge may often pave the way for more damaging attacks.
Prerequisites The adversary must know the location of these common key files.
Solutions Leverage file protection mechanisms to render these files accessible only to authorized parties.
Related Weaknesses
CWE ID Description
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Back to Top