Programs with privilege are misused so as to provide
unauthorized privileged functions. Examples include the use of a backup
restoration program by an operator to intentionally restore the wrong
information, misuse of an automated script processing facility by forcing it
to make illicit copies of legitimate records, and the use of configuration
management tools to create vulnerabilities.
Complexity: Once a
vulnerability has been identified, exploitation is straightforward.
Systematically discovering such attacks is, in general, similar to the
complexity of gray box testing until the first fault is found.