CAPEC-565: Password Spraying

Abstraction: Detailed
Status: Draft
Likelihood: High
Severity: High

Description

Metadata: detailed CAPEC pattern, status draft, likelihood high, severity high. Underlying weaknesses: CWE-521, CWE-262, CWE-263, CWE-654, CWE-307 (and 2 more). Mapped ATT&CK technique: T1110.003. Related CAPEC patterns: CAPEC-49, CAPEC-600, CAPEC-151, CAPEC-560 (and 2 more).

Related weaknesses · 7

CWE-521, CWE-262, CWE-263, CWE-654, CWE-307, CWE-308, CWE-309

MITRE ATT&CK crosswalk · 1

T1110.003: Brute Force: Password Spraying

Related attack patterns · 6

CAPEC-49 (ChildOf), CAPEC-600 (CanPrecede), CAPEC-151 (CanPrecede), CAPEC-560 (CanPrecede), CAPEC-561 (CanPrecede), CAPEC-653 (CanPrecede)

Exploits · 7

Type | Target | Confidence | Tier
Weakness | Improper Restriction of Excessive Authentication Attempts (cwe-307) | 100% | live
Weakness | Use of Password System for Primary Authentication (cwe-309) | 100% | live
Weakness | Use of Single-factor Authentication (cwe-308) | 100% | live
Weakness | Password Aging with Long Expiration (cwe-263) | 100% | live
Weakness | Weak Password Requirements (cwe-521) | 100% | live
Weakness | Reliance on a Single Factor in a Security Decision (cwe-654) | 100% | live
Weakness | Not Using Password Aging (cwe-262) | 100% | live

Related to · 1

Type | Target | Confidence | Tier
SubTechnique | Password Spraying (t1110.003) | 100% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Dictionary-based Password Attack
CAPEC: Credential Stuffing
CAPEC: Use of Known Domain Credentials
CAPEC: Password Brute Forcing
CAPEC: Password Recovery Exploitation
CAPEC: Capture Credentials via Keylogger

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.