
CAPEC-600: Credential Stuffing

Abstraction: Standard
Status: Stable
Likelihood: High
Severity: High

Description

Metadata: standard CAPEC pattern, status stable, likelihood high, severity high. Underlying weaknesses: CWE-522, CWE-307, CWE-308, CWE-309, CWE-262 (and 2 more). Mapped ATT&CK technique: T1110.004. Related CAPEC patterns: CAPEC-560, CAPEC-151, CAPEC-653.

Related weaknesses · 7

CWE-522, CWE-307, CWE-308, CWE-309, CWE-262, CWE-263, CWE-654

MITRE ATT&CK crosswalk · 1

T1110.004: Brute Force: Credential Stuffing

Related attack patterns · 3

CAPEC-560 (ChildOf), CAPEC-151 (CanPrecede), CAPEC-653 (CanPrecede)

Exploits · 7

| Type | Target | ID | Confidence | Tier |
|---|---|---|---|---|
| Weakness | Insufficiently Protected Credentials | cwe-522 | 100% | live |
| Weakness | Use of Password System for Primary Authentication | cwe-309 | 100% | live |
| Weakness | Not Using Password Aging | cwe-262 | 100% | live |
| Weakness | Use of Single-factor Authentication | cwe-308 | 100% | live |
| Weakness | Improper Restriction of Excessive Authentication Attempts | cwe-307 | 100% | live |
| Weakness | Reliance on a Single Factor in a Security Decision | cwe-654 | 100% | live |
| Weakness | Password Aging with Long Expiration | cwe-263 | 100% | live |

Related to · 1

| Type | Target | ID | Confidence | Tier |
|---|---|---|---|---|
| SubTechnique | Credential Stuffing | t1110.004 | 100% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Use of Known Domain Credentials
CAPEC: Password Spraying
CAPEC: Credential Prompt Impersonation
CAPEC: Exploitation of Trusted Identifiers
CAPEC: Use of Known Operating System Credentials
CAPEC: Server Side Request Forgery

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.