Name | Exploit Non-Production Interfaces |
Likelihood of attack | Typical severity |
Low | High |
Summary |
An adversary exploits a sample, demonstration, test, or debug interface that is unintentionally enabled on a production system, with the goal of gleaning information or leveraging functionality that would otherwise be unavailable. Non-production interfaces are insecure by default and should not be resident on production systems, since they may reveal sensitive information or functionality that should not be known to end-users. However, such interfaces may be unintentionally left enabled on a production system due to configuration errors, supply chain mismanagement, or other pre-deployment activities.
Ultimately, failure to properly disable non-production interfaces, in a production environment, may expose a great deal of diagnostic information or functionality to an adversary, which can be utilized to further refine their attack. Moreover, many non-production interfaces do not have adequate security controls or may not have undergone rigorous testing since they were not intended for use in production environments. As such, they may contain many flaws and vulnerabilities that could allow an adversary to severely disrupt a target. |
Prerequisites |
The target must have configured non-production interfaces and failed to secure or remove them when brought into a production environment. |
Execution Flow |
Step | Phase | Description | Techniques |
1 | Explore | [Determine Vulnerable Interface] An adversary explores a target system for sample or test interfaces that have not been disabled by a system administrator and which may be exploitable by the adversary. | If needed, the adversary explores an organization's network to determine if any specific systems of interest exist. |
2 | Exploit | [Leverage Test Interface to Execute Attacks] Once an adversary has discovered a system with a non-production interface, the interface is leveraged to exploit the system and/or conduct various attacks. | The adversary can leverage the sample or test interface to conduct several types of attacks such as Man-in-the-Middle attacks, keylogging, Cross Site Scripting (XSS), hardware manipulation attacks, and more. |
Solutions | Ensure that production systems do not contain non-production interfaces and that these interfaces are only used in development environments. |
Related Weaknesses |
CWE ID | Description |
CWE-489 | Active Debug Code |
CWE-1209 | Failure to Disable Reserved Bits |
CWE-1313 | Hardware Allows Activation of Test or Debug Logic at Runtime |
Related CAPECS |
CAPEC ID | Description |
CAPEC-113 | An adversary manipulates the use or processing of an interface (e.g. Application Programming Interface (API) or System-on-Chip (SoC)) resulting in an adverse impact upon the security of the system implementing the interface. This can allow the adversary to bypass access control and/or execute functionality not intended by the interface implementation, possibly compromising the system which integrates the interface. Interface manipulation can take on a number of forms including forcing the unexpected use of an interface or the use of an interface in an unintended way. |
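
One way to enforce the Solutions entry as a pre-deployment gate, shown as an added example that is not part of the CAPEC entry: it audits an interface inventory for enabled sample, demonstration, test, or debug interfaces in production. The manifest format, token lists, and function names are assumptions made for illustration.

```python
import re

# Categories come from the entry's summary (sample, demonstration, test, debug).
# The token lists are assumptions; tune them to your own naming conventions.
CATEGORY_TOKENS = {
    "sample": {"sample", "samples", "example", "examples"},
    "demonstration": {"demo", "demos", "demonstration"},
    "test": {"test", "tests", "testing"},
    "debug": {"debug", "debugger", "diag", "diagnostics"},
}

def classify(interface):
    """Return the non-production categories matched by an interface's name and path."""
    text = f"{interface['name']} {interface['path']}".lower()
    # Split into whole tokens so 'latest' or 'contest' never match 'test'.
    tokens = set(re.split(r"[^a-z0-9]+", text)) - {""}
    return sorted(c for c, words in CATEGORY_TOKENS.items() if tokens & words)

def audit(manifest, environment="production"):
    """List enabled non-production interfaces declared for the given environment."""
    if manifest["environment"] != environment:
        return []
    findings = []
    for iface in manifest["interfaces"]:
        # A missing 'enabled' key counts as enabled: fail closed on incomplete inventories.
        if not iface.get("enabled", True):
            continue
        categories = classify(iface)
        if categories:
            findings.append((iface["name"], iface["path"], categories))
    return findings

# Constructed sample manifest for a hypothetical service (not from the entry).
SAMPLE_MANIFEST = {
    "environment": "production",
    "interfaces": [
        {"name": "orders-api", "path": "/api/v1/orders", "enabled": True},
        {"name": "latest-release", "path": "/api/v1/contest/latest", "enabled": True},
        {"name": "debug-console", "path": "/_debug/console", "enabled": True},
        {"name": "sample-app", "path": "/examples/hello"},
        {"name": "test-harness", "path": "/test/run", "enabled": False},
    ],
}

if __name__ == "__main__":
    for name, path, cats in audit(SAMPLE_MANIFEST):
        print(f"BLOCK DEPLOY: {name} at {path} matches {', '.join(cats)}")
```

A name-based check only catches interfaces that are declared and named honestly, so it complements, rather than replaces, removing the code from production builds.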