
CAPEC-49: Password Brute Forcing

Abstraction: Standard
Status: Draft
Likelihood: Medium
Severity: High

Description

An adversary tries every possible value for a password until they succeed. A brute force attack, if computationally feasible, will always succeed because it goes through all possible passwords for the alphabet used (lower case letters, upper case letters, numbers, symbols, etc.) and the maximum length of the password.

Related weaknesses · 8

CWE-521, CWE-262, CWE-263, CWE-257, CWE-654, CWE-307, CWE-308, CWE-309

MITRE ATT&CK crosswalk · 1

T1110.001: Brute Force: Password Guessing

Related attack patterns · 6

CAPEC-112 (ChildOf), CAPEC-600 (CanPrecede), CAPEC-151 (CanPrecede), CAPEC-560 (CanPrecede), CAPEC-561 (CanPrecede), CAPEC-653 (CanPrecede)

Exploits · 8

Type | Target | Confidence | Tier
Weakness | Use of Single-factor Authentication (cwe-308) | 100% | live
Weakness | Storing Passwords in a Recoverable Format (cwe-257) | 100% | live
Weakness | Weak Password Requirements (cwe-521) | 100% | live
Weakness | Improper Restriction of Excessive Authentication Attempts (cwe-307) | 100% | live
Weakness | Password Aging with Long Expiration (cwe-263) | 100% | live
Weakness | Reliance on a Single Factor in a Security Decision (cwe-654) | 100% | live
Weakness | Not Using Password Aging (cwe-262) | 100% | live
Weakness | Use of Password System for Primary Authentication (cwe-309) | 100% | live

Related to · 1

Type | Target | Confidence | Tier
SubTechnique | Password Guessing (t1110.001) | 100% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Brute Force
CAPEC: Encryption Brute Forcing
CAPEC: Try Common or Default Usernames and Passwords
CAPEC: Authentication Abuse
CAPEC: Rainbow Table Password Cracking
CAPEC: Password Recovery Exploitation

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.