CAPEC-653: Use of Known Operating System Credentials

Description
An adversary guesses or obtains (i.e., steals or purchases) legitimate operating system credentials (e.g., a userID/password pair) to authenticate and perform authorized actions on the system under the guise of a legitimate user or service. This applies to any operating system.
Extended Description

This attack can be extremely harmful when the operating system credentials used belong to a root or admin user. Once an adversary gains access using credentials with elevated privileges, they are free to alter important system files, which can affect other users of the system or other users on the system's network.

Severity: High

Possibility: High

Type: Standard
Prerequisites

  • The system/application uses one factor password-based authentication, SSO, and/or cloud-based authentication.
  • The system/application does not enforce a sound password policy.
  • The system/application does not implement an effective password throttling mechanism.
  • The adversary possesses a list of known user accounts and corresponding passwords that may exist on the target.
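The two prerequisites about throttling and a known credential list interact in a way worth seeing in code: a list of known account/password pairs is usually tried once per account, and often succeeds, so a per-account failure counter never trips. The added example below (not part of CAPEC or MITRE's material; every name, threshold and sample event is constructed for illustration) is a minimal login gate that keeps the conventional per-account failure lockout and, in addition, locks a source address once it has attempted more distinct accounts in a sliding window than a normal user would, regardless of whether those attempts succeeded.

```python
"""
Added example (not part of CAPEC-653): a minimal login throttle covering two of
the prerequisites listed above: a missing throttling mechanism, and an adversary
holding a list of known account/password pairs.

Per-account failure counters do not catch a credential list, because each
account is tried once and valid pairs succeed. The gate therefore also tracks,
per source address, how many *distinct* accounts were attempted in a sliding
window, successes included, and locks the source when that spread is too wide.
All names, thresholds and sample events below are constructed for this example.
"""
from collections import defaultdict, deque

ACCOUNT_MAX_FAILURES = 5   # failures per account before that account is locked
SOURCE_MAX_ACCOUNTS = 3    # distinct accounts one source may try per window
WINDOW_SECONDS = 300       # sliding window length in seconds
LOCKOUT_SECONDS = 900      # how long a lockout lasts


class LoginThrottle:
    def __init__(self):
        self._account_failures = defaultdict(deque)  # account -> failure timestamps
        self._source_attempts = defaultdict(deque)   # source -> (timestamp, account)
        self._locked_accounts = {}                   # account -> unlock time
        self._locked_sources = {}                    # source -> unlock time

    @staticmethod
    def _prune(dq, now, key=lambda item: item):
        # Drop entries that have aged out of the sliding window.
        while dq and key(dq[0]) < now - WINDOW_SECONDS:
            dq.popleft()

    def check(self, now, source, account):
        """Decide before the password is verified: (allowed, reason)."""
        if self._locked_sources.get(source, 0) > now:
            return False, "source locked"
        if self._locked_accounts.get(account, 0) > now:
            return False, "account locked"
        return True, "ok"

    def record(self, now, source, account, success):
        """Update counters after an attempt; may set a lockout."""
        # Source spread counts every attempt, successful or not, because known
        # credentials succeed; the anomaly is one source acting as many users.
        attempts = self._source_attempts[source]
        attempts.append((now, account))
        self._prune(attempts, now, key=lambda item: item[0])
        distinct = {acct for _, acct in attempts}
        if len(distinct) > SOURCE_MAX_ACCOUNTS:
            self._locked_sources[source] = now + LOCKOUT_SECONDS
        if success:
            self._account_failures.pop(account, None)
            return
        failures = self._account_failures[account]
        failures.append(now)
        self._prune(failures, now)
        if len(failures) >= ACCOUNT_MAX_FAILURES:
            self._locked_accounts[account] = now + LOCKOUT_SECONDS


def replay(events):
    """Run (timestamp, source, account, password_ok) events through the gate."""
    throttle = LoginThrottle()
    decisions = []
    for ts, src, acct, ok in events:
        allowed, reason = throttle.check(ts, src, acct)
        decisions.append((ts, src, acct, allowed, reason))
        if allowed:
            throttle.record(ts, src, acct, ok)
    return decisions


# Constructed sample: one script walking a credential list, plus a normal user.
SAMPLE_EVENTS = [
    (0,  "198.51.100.7", "alice", True),
    (5,  "198.51.100.7", "bob",   True),
    (10, "198.51.100.7", "carol", False),
    (15, "198.51.100.7", "dave",  True),   # 4th distinct account: source locked
    (20, "198.51.100.7", "erin",  True),   # valid pair, but rejected at the gate
    (30, "203.0.113.5",  "alice", True),   # unrelated source is unaffected
]

if __name__ == "__main__":
    for row in replay(SAMPLE_EVENTS):
        print(row)
```

The thresholds are deliberately small so the sample trips them; in production they would be tuned to the environment, and the source-spread lock would normally raise an alert rather than act alone, since shared NAT addresses can legitimately present several accounts.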
Skills required

  • Low: Once an adversary obtains a known credential, leveraging it is trivial.
Taxonomy mappings

Mappings to ATT&CK, OWASP and other frameworks.

Resources required

  • A list of known credentials for the targeted domain.
  • A custom script that leverages a credential list to launch an attack.

Visit http://capec.mitre.org/ for more details.