CAPEC-654: Credential Prompt Impersonation
Description
Extended Description
The adversary may monitor the task list maintained by the operating system and wait for a specific legitimate credential prompt to become active. Once the prompt is detected, the adversary launches a new credential prompt in the foreground that mimics the user interface of the legitimate credential prompt. At this point, the user thinks that they are interacting with the legitimate credential prompt, but instead they are interacting with the malicious credential prompt.
A second approach involves the adversary impersonating an unexpected credential prompt, but one that may often be spawned by legitimate background processes. For example, an adversary may randomly impersonate a system credential prompt, implying that a background process or commonly used application (e.g., email reader) requires authentication for some purpose. The user, believing they are interacting with a legitimate credential prompt, enters their credentials which the adversary then leverages for nefarious purposes. The ultimate goal of this attack is to obtain sensitive information (e.g., credentials) from the user.
Severity :
High
Possibility :
Medium
Type :
Detailed
Relationships with other CAPECs
This table shows the other attack patterns and high level categories that are related to this attack pattern.
Prerequisites
This table shows the other attack patterns and high level categories that are related to this attack pattern.
- The adversary must already have access to the target system via some means.
- A legitimate task must exist that an adversary can impersonate to glean credentials.
Skills required
This table shows the other attack patterns and high level categories that are related to this attack pattern.
- Low Once an adversary has gained access to the target system, impersonating a credential prompt is not difficult.
Taxonomy mappings
Mappings to ATT&CK, OWASP and other frameworks.
Resources required
Malware or some other means to initially comprise the target system.
Additional malware to impersonate a legitimate credential prompt.
Related CWE
A Related Weakness relationship associates a weakness with this attack pattern. Each association implies a weakness that must exist for a given attack to be successful.
Visit http://capec.mitre.org/ for more details.