Login
Login

cache poisoning

{{Distinguish|cache pollution}}

Cache poisoning refers to a computer security vulnerability where invalid entries can be placed into a cache, which are then assumed to be valid when later used.{{cite web|url=https://capec.mitre.org/data/definitions/141.html|title=CAPEC-141: Cache Poisoning|publisher=CAPEC|access-date=2021-01-22|archive-date=2021-01-22|archive-url=https://web.archive.org/web/20210122230525/https://capec.mitre.org/data/definitions/141.html|url-status=live}} Two common varieties are DNS cache poisoning{{Cite journal |last1=Wu |first1=Hao |last2=Dang |first2=Xianglei |last3=Wang |first3=Lidong |last4=He |first4=Longtao |date=2016 |title=Information fusion-based method for distributed domain name system cache poisoning attack detection and identification |url=https://onlinelibrary.wiley.com/doi/10.1049/iet-ifs.2014.0386 |journal=IET Information Security |language=en |volume=10 |issue=1 |pages=37–44 |doi=10.1049/iet-ifs.2014.0386 |s2cid=45091791 |issn=1751-8717}} and ARP cache poisoning. Web cache poisoning involves the poisoning of web caches{{cite book |last1=Nguyen |first1=Hoai Viet |last2=Iacono |first2=Luigi Lo |last3=Federrath |first3=Hannes |title=Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security |chapter=Your Cache Has Fallen: Cache-Poisoned Denial-of-Service Attack |date=6 November 2019 |pages=1915–1936 |doi=10.1145/3319535.3354215|isbn=9781450367479 |s2cid=207958900 }} (which has led to security issues in programming languages, including all Python versions at the time in 2021, and expedited security updates{{Cite web |title=CVE - CVE-2021-23336 |url=https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23336 |access-date=2023-10-13 |website=cve.mitre.org}}). Attacks on other, more specific, caches also exist.{{cite book |last1=Hensler |first1=Christopher |last2=Tague |first2=Patrick |title=Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks |chapter=Using bluetooth low energy spoofing to dispute device details |date=15 May 2019 |pages=340–342 |doi=10.1145/3317549.3326321|isbn=9781450367264 |s2cid=160010874 }}{{cite book |last1=Daswani |first1=Neil |last2=Garcia-Molina |first2=Hector |title=Proceedings of the 11th ACM conference on Computer and communications security |chapter=Pong-cache poisoning in GUESS |date=2004 |pages=98–109 |doi=10.1145/1030083.1030099|isbn=1581139616 |s2cid=416914 }}{{cite journal |last1=Wang |first1=Dong |last2=Dong |first2=Wei Yu |title=Attacking Intel UEFI by Using Cache Poisoning |journal=Journal of Physics: Conference Series |date=April 2019 |volume=1187 |issue=4 |pages=042072 |doi=10.1088/1742-6596/1187/4/042072 |bibcode=2019JPhCS1187d2072W |doi-access=free }}

References

{{Reflist}}

Category:Computer security exploits

Category:Cache (computing)

{{Computer-security-stub}}