CAPEC-16: Dictionary-based Password Attack

Abstraction: Detailed
Status: Draft
Likelihood: Medium
Severity: High

Description

Metadata: detailed CAPEC pattern, status draft, likelihood medium, severity high. Underlying weaknesses: CWE-521, CWE-262, CWE-263, CWE-654, CWE-307 (and 2 more). Related CAPEC patterns: CAPEC-49, CAPEC-600, CAPEC-151, CAPEC-560 (and 2 more).

Related weaknesses · 7

CWE-521, CWE-262, CWE-263, CWE-654, CWE-307, CWE-308, CWE-309

Related attack patterns · 6

CAPEC-49 (ChildOf), CAPEC-600 (CanPrecede), CAPEC-151 (CanPrecede), CAPEC-560 (CanPrecede), CAPEC-561 (CanPrecede), CAPEC-653 (CanPrecede)

Exploits · 7

Type | Target | Confidence | Tier
Weakness | Use of Single-factor Authentication (cwe-308) | 100% | live
Weakness | Not Using Password Aging (cwe-262) | 100% | live
Weakness | Reliance on a Single Factor in a Security Decision (cwe-654) | 100% | live
Weakness | Weak Password Requirements (cwe-521) | 100% | live
Weakness | Improper Restriction of Excessive Authentication Attempts (cwe-307) | 100% | live
Weakness | Password Aging with Long Expiration (cwe-263) | 100% | live
Weakness | Use of Password System for Primary Authentication (cwe-309) | 100% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Password Spraying
CAPEC: Server Side Request Forgery
CAPEC: Password Brute Forcing
CAPEC: Encryption Brute Forcing
CAPEC: DEPRECATED: Dump Password Hashes
CAPEC: Exploitation of Trusted Identifiers

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.