| Dictionary-based Password Attack |
|
CWE-262
|
Not Using Password Aging
|
|
CWE-263
|
Password Aging with Long Expiration
|
|
CWE-307
|
Improper Restriction of Excessive Authentication Attempts
|
|
CWE-308
|
Use of Single-factor Authentication
|
|
CWE-309
|
Use of Password System for Primary Authentication
|
|
CWE-521
|
Weak Password Requirements
|
|
CWE-654
|
Reliance on a Single Factor in a Security Decision
|
|
| Password Brute Forcing |
|
CWE-257
|
Storing Passwords in a Recoverable Format
|
|
CWE-262
|
Not Using Password Aging
|
|
CWE-263
|
Password Aging with Long Expiration
|
|
CWE-307
|
Improper Restriction of Excessive Authentication Attempts
|
|
CWE-308
|
Use of Single-factor Authentication
|
|
CWE-309
|
Use of Password System for Primary Authentication
|
|
CWE-521
|
Weak Password Requirements
|
|
CWE-654
|
Reliance on a Single Factor in a Security Decision
|
|
| Kerberoasting |
|
CWE-262
|
Not Using Password Aging
|
|
CWE-263
|
Password Aging with Long Expiration
|
|
CWE-294
|
Authentication Bypass by Capture-replay
|
|
CWE-308
|
Use of Single-factor Authentication
|
|
CWE-309
|
Use of Password System for Primary Authentication
|
|
CWE-521
|
Weak Password Requirements
|
|
CWE-522
|
Insufficiently Protected Credentials
|
|
| Rainbow Table Password Cracking |
|
CWE-261
|
Weak Encoding for Password
|
|
CWE-262
|
Not Using Password Aging
|
|
CWE-263
|
Password Aging with Long Expiration
|
|
CWE-308
|
Use of Single-factor Authentication
|
|
CWE-309
|
Use of Password System for Primary Authentication
|
|
CWE-521
|
Weak Password Requirements
|
|
CWE-654
|
Reliance on a Single Factor in a Security Decision
|
|
CWE-916
|
Use of Password Hash With Insufficient Computational Effort
|
|
| Remote Services with Stolen Credentials |
|
CWE-262
|
Not Using Password Aging
|
|
CWE-263
|
Password Aging with Long Expiration
|
|
CWE-294
|
Authentication Bypass by Capture-replay
|
|
CWE-308
|
Use of Single-factor Authentication
|
|
CWE-309
|
Use of Password System for Primary Authentication
|
|
CWE-521
|
Weak Password Requirements
|
|
CWE-522
|
Insufficiently Protected Credentials
|
|
| Use of Known Domain Credentials |
|
CWE-262
|
Not Using Password Aging
|
|
CWE-263
|
Password Aging with Long Expiration
|
|
CWE-307
|
Improper Restriction of Excessive Authentication Attempts
|
|
CWE-308
|
Use of Single-factor Authentication
|
|
CWE-309
|
Use of Password System for Primary Authentication
|
|
CWE-522
|
Insufficiently Protected Credentials
|
|
CWE-654
|
Reliance on a Single Factor in a Security Decision
|
|
CWE-1273
|
Device Unlock Credential Sharing
|
|
| Windows Admin Shares with Stolen Credentials |
|
CWE-262
|
Not Using Password Aging
|
|
CWE-263
|
Password Aging with Long Expiration
|
|
CWE-294
|
Authentication Bypass by Capture-replay
|
|
CWE-308
|
Use of Single-factor Authentication
|
|
CWE-309
|
Use of Password System for Primary Authentication
|
|
CWE-521
|
Weak Password Requirements
|
|
CWE-522
|
Insufficiently Protected Credentials
|
|
| Password Spraying |
|
CWE-262
|
Not Using Password Aging
|
|
CWE-263
|
Password Aging with Long Expiration
|
|
CWE-307
|
Improper Restriction of Excessive Authentication Attempts
|
|
CWE-308
|
Use of Single-factor Authentication
|
|
CWE-309
|
Use of Password System for Primary Authentication
|
|
CWE-521
|
Weak Password Requirements
|
|
CWE-654
|
Reliance on a Single Factor in a Security Decision
|
|
| Credential Stuffing |
|
CWE-262
|
Not Using Password Aging
|
|
CWE-263
|
Password Aging with Long Expiration
|
|
CWE-307
|
Improper Restriction of Excessive Authentication Attempts
|
|
CWE-308
|
Use of Single-factor Authentication
|
|
CWE-309
|
Use of Password System for Primary Authentication
|
|
CWE-522
|
Insufficiently Protected Credentials
|
|
CWE-654
|
Reliance on a Single Factor in a Security Decision
|
|
| Use of Captured Hashes (Pass The Hash) |
|
CWE-294
|
Authentication Bypass by Capture-replay
|
|
CWE-308
|
Use of Single-factor Authentication
|
|
CWE-308
|
Use of Single-factor Authentication
|
|
CWE-522
|
Insufficiently Protected Credentials
|
|
CWE-836
|
Use of Password Hash Instead of Password for Authentication
|
|
| Use of Captured Tickets (Pass The Ticket) |
|
CWE-294
|
Authentication Bypass by Capture-replay
|
|
CWE-308
|
Use of Single-factor Authentication
|
|
CWE-522
|
Insufficiently Protected Credentials
|
|
| Use of Known Kerberos Credentials |
|
CWE-262
|
Not Using Password Aging
|
|
CWE-263
|
Password Aging with Long Expiration
|
|
CWE-294
|
Authentication Bypass by Capture-replay
|
|
CWE-307
|
Improper Restriction of Excessive Authentication Attempts
|
|
CWE-308
|
Use of Single-factor Authentication
|
|
CWE-309
|
Use of Password System for Primary Authentication
|
|
CWE-522
|
Insufficiently Protected Credentials
|
|
CWE-654
|
Reliance on a Single Factor in a Security Decision
|
|
CWE-836
|
Use of Password Hash Instead of Password for Authentication
|
|
| Use of Known Operating System Credentials |
|
CWE-262
|
Not Using Password Aging
|
|
CWE-263
|
Password Aging with Long Expiration
|
|
CWE-307
|
Improper Restriction of Excessive Authentication Attempts
|
|
CWE-308
|
Use of Single-factor Authentication
|
|
CWE-309
|
Use of Password System for Primary Authentication
|
|
CWE-522
|
Insufficiently Protected Credentials
|
|
CWE-654
|
Reliance on a Single Factor in a Security Decision
|
|
| Try Common or Default Usernames and Passwords |
|
CWE-262
|
Not Using Password Aging
|
|
CWE-263
|
Password Aging with Long Expiration
|
|
CWE-308
|
Use of Single-factor Authentication
|
|
CWE-309
|
Use of Password System for Primary Authentication
|
|
CWE-521
|
Weak Password Requirements
|
|
CWE-654
|
Reliance on a Single Factor in a Security Decision
|
|
CWE-798
|
Use of Hard-coded Credentials
|
|