
CAPEC-55: Rainbow Table Password Cracking

Abstraction: Detailed
Status: Draft
Likelihood: Medium
Severity: Medium

Description

An attacker gets access to the database table where hashes of passwords are stored. They then use a rainbow table of pre-computed hash chains to attempt to look up the original password. Once the original password corresponding to the hash is obtained, the attacker uses the original password to gain access to the system.

Related weaknesses · 8

CWE-261, CWE-521, CWE-262, CWE-263, CWE-654, CWE-916, CWE-308, CWE-309

MITRE ATT&CK crosswalk · 1

T1110.002: Brute Force: Password Cracking

Related attack patterns · 6

CAPEC-49 (ChildOf), CAPEC-600 (CanPrecede), CAPEC-151 (CanPrecede), CAPEC-560 (CanPrecede), CAPEC-561 (CanPrecede), CAPEC-653 (CanPrecede)

Exploits · 8

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Use of Single-factor Authentication (cwe-308) | 100% | live |
| Weakness | Password Aging with Long Expiration (cwe-263) | 100% | live |
| Weakness | Not Using Password Aging (cwe-262) | 100% | live |
| Weakness | Use of Password System for Primary Authentication (cwe-309) | 100% | live |
| Weakness | Weak Encoding for Password (cwe-261) | 100% | live |
| Weakness | Reliance on a Single Factor in a Security Decision (cwe-654) | 100% | live |
| Weakness | Weak Password Requirements (cwe-521) | 100% | live |
| Weakness | Use of Password Hash With Insufficient Computational Effort (cwe-916) | 100% | live |

Related to · 1

| Type | Target | Confidence | Tier |
|---|---|---|---|
| SubTechnique | Password Cracking (t1110.002) | 100% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

Sub-technique: Password Cracking
CAPEC: Password Recovery Exploitation
CAPEC: Password Brute Forcing
CAPEC: Brute Force
CAPEC: SQL Injection
CAPEC: Dictionary-based Password Attack

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.