Skip to content

Latest commit

 

History

History
82 lines (72 loc) · 5.73 KB

attack-tree.md

File metadata and controls

82 lines (72 loc) · 5.73 KB

Attack Tree Analysis for touchlab/kermit

Objective: DoS or Leak Sensitive Information via Kermit

Attack Tree Visualization

Goal: DoS or Leak Sensitive Information via Kermit

├── 1. Denial of Service (DoS) │ ├── 1.1. Excessive Log Generation [HIGH-RISK] │ │ ├── 1.1.1. Exploit Misconfigured Log Level │ │ │ ├── 1.1.1.1. Application sets excessively verbose log level (e.g., "Verbose" in production). [CRITICAL] │ │ │ └── 1.1.1.2. Attacker triggers code paths that generate many log messages (e.g., repeated failed login attempts, error conditions). [CRITICAL] │ ├── 1.2. Log Storage Exhaustion [HIGH-RISK] │ │ ├── 1.2.1. Fill Disk Space │ │ │ ├── 1.2.1.1. Combine with 1.1 (Excessive Log Generation) to rapidly fill available storage. [CRITICAL] │ └── 2. Sensitive Information Leakage [HIGH-RISK] ├── 2.1. Log Injection [HIGH-RISK] │ ├── 2.1.1. Attacker controls part of the logged message. │ │ ├── 2.1.1.1. Application logs user-supplied data without sanitization. [CRITICAL] │ │ │ ├── 2.1.1.1.1. Attacker injects sensitive data (e.g., other users' session tokens, internal IP addresses) into their input. [CRITICAL] │ │ └── 2.1.1.2. Application logs sensitive data directly (e.g., passwords, API keys, PII). This is a major application vulnerability, but Kermit facilitates the leak. [CRITICAL]

Attack Tree Path: 1. Denial of Service (DoS)

  • 1.1. Excessive Log Generation [HIGH-RISK]

    • Description: The attacker aims to overwhelm the system by causing it to generate an excessive amount of log data. This can lead to resource exhaustion (CPU, memory, disk I/O) and ultimately a denial of service.
    • 1.1.1. Exploit Misconfigured Log Level
      • 1.1.1.1. Application sets excessively verbose log level (e.g., "Verbose" in production). [CRITICAL]
        • Description: The application is configured to log at a very detailed level (e.g., "Verbose" or "Debug") in a production environment. This results in a large volume of log data being generated even for normal operations.
        • Likelihood: Medium
        • Impact: Medium to High
        • Effort: Very Low
        • Skill Level: Novice
        • Detection Difficulty: Easy
      • 1.1.1.2. Attacker triggers code paths that generate many log messages (e.g., repeated failed login attempts, error conditions). [CRITICAL]
        • Description: The attacker intentionally triggers actions within the application that are known to generate log messages. This could be repeated failed login attempts, submitting invalid data, or exploiting error handling routines.
        • Likelihood: High
        • Impact: Medium to High
        • Effort: Very Low
        • Skill Level: Novice
        • Detection Difficulty: Medium

  • 1.2. Log Storage Exhaustion [HIGH-RISK]

    • Description: The attacker aims to fill the available storage space allocated for logs, causing the application or system to become unstable or crash.
    • 1.2.1. Fill Disk Space
      • 1.2.1.1. Combine with 1.1 (Excessive Log Generation) to rapidly fill available storage. [CRITICAL]
        • Description: This is a combination of the excessive log generation attack. By generating a large volume of logs, the attacker quickly consumes all available disk space.
        • Likelihood: Medium
        • Impact: High
        • Effort: Low to Medium
        • Skill Level: Novice to Intermediate
        • Detection Difficulty: Easy

Attack Tree Path: 2. Sensitive Information Leakage [HIGH-RISK]

  • 2.1. Log Injection [HIGH-RISK]
    • Description: The attacker manipulates the content of log messages to inject their own data or disrupt log analysis.
    • 2.1.1. Attacker controls part of the logged message.
      • 2.1.1.1. Application logs user-supplied data without sanitization. [CRITICAL]
        • Description: The application directly logs data provided by the user without properly sanitizing or escaping it. This allows the attacker to inject arbitrary content into the logs.
        • Likelihood: Medium
        • Impact: High to Very High
        • Effort: Low
        • Skill Level: Intermediate
        • Detection Difficulty: Hard
        • 2.1.1.1.1. Attacker injects sensitive data (e.g., other users' session tokens, internal IP addresses) into their input. [CRITICAL]
          • Description: The attacker leverages the lack of input sanitization to inject sensitive information belonging to other users or the system itself into the logs.
          • Likelihood: Medium
          • Impact: High to Very High
          • Effort: Low
          • Skill Level: Intermediate
          • Detection Difficulty: Hard
      • 2.1.1.2. Application logs sensitive data directly (e.g., passwords, API keys, PII). This is a major application vulnerability, but Kermit facilitates the leak. [CRITICAL]
        • Description: The application is coded in a way that directly logs sensitive information, such as passwords, API keys, or personally identifiable information (PII). This is a severe security violation.
        • Likelihood: Low
        • Impact: Very High
        • Effort: Very Low
        • Skill Level: Novice
        • Detection Difficulty: Medium