CAPEC-70: Try Common or Default Usernames and Passwords

Description

An adversary may try certain common or default usernames and passwords to gain access into the system and perform unauthorized actions. An adversary may try an intelligent brute force using empty passwords, known vendor default credentials, as well as a dictionary of common usernames and passwords. Many vendor products come preconfigured with default (and thus well-known) usernames and passwords that should be deleted prior to usage in a production environment. It is a common mistake to forget to remove these default login credentials. Another problem is that users would pick very simple (common) passwords (e.g. "secret" or "password") that make it easier for the attacker to gain access to the system compared to using a brute force attack or even a dictionary attack using a full dictionary.

Extended Description

This attack gives the adversary the ability to view an external monitor with an insignificant delay. There is also no indicator of compromise from the victim visible on the monitor.

The eavesdrop is possible due to a signal leakage, that is produced at different points of the connection, including the source port, the connection between the cable and PC, the cable itself, and the connection between the cable and the monitor. That signal leakage can be captured near any of the leak points, but also in a near location, like the next room or a few meters away, using an SDR (Software-defined Radio) device and the correspondent software, that process and interpret the signal to show attackers what the monitor is displaying.

From the victim’s point of view, this specified attack might cause a high risk, and from the other hand, from the attacker’s point of view, the attack is excellent, since the specified attack method can be used without investing too much effort or require too many skills, as long as the right attack tool is in right place, this allows attackers to completely compromise the confidentiality of the data; also giving the attacker the advantage of being undetectable by not only traditional security products but also from bug sweep because the SDR device is acting in passive mode.

Severity :

High

Possibility :

Medium

Type :

Detailed

Relationships with other CAPECs

This table shows the other attack patterns and high level categories that are related to this attack pattern.

CAPEC-49: Password Brute Forcing Password Brute Forcing CAPEC-151: Identity Spoofing Identity Spoofing CAPEC-560: Use of Known Domain Credentials Use of Known Domain Credentials CAPEC-561: Windows Admin Shares with Stolen Credentials Windows Admin Shares with Stolen Credentials CAPEC-600: Credential Stuffing Credential Stuffing CAPEC-653: Use of Known Operating System Credentials Use of Known Operating System Credentials CAPEC-700: Network Boundary Bridging Network Boundary Bridging

Prerequisites

This table shows the other attack patterns and high level categories that are related to this attack pattern.

The system uses one factor password based authentication.The adversary has the means to interact with the system.

Skills required

This table shows the other attack patterns and high level categories that are related to this attack pattern.

Low An adversary just needs to gain access to common default usernames/passwords specific to the technologies used by the system. Additionally, a brute force attack leveraging common passwords can be easily realized if the user name is known.

Taxonomy mappings

Mappings to ATT&CK, OWASP and other frameworks.

ATTACK | Valid Accounts:Default Accounts

Resources required

Technology or vendor specific list of default usernames and passwords.

Related CWE

A Related Weakness relationship associates a weakness with this attack pattern. Each association implies a weakness that must exist for a given attack to be successful.

CWE-262: Not Using Password Aging

CWE-263: Password Aging with Long Expiration

CWE-308: Use of Single-factor Authentication

CWE-309: Use of Password System for Primary Authentication

CWE-521: Weak Password Requirements

CWE-654: Reliance on a Single Factor in a Security Decision

CWE-798: Use of Hard-coded Credentials

Visit http://capec.mitre.org/ for more details.