
CAPEC-652: Use of Known Kerberos Credentials

Abstraction: Standard
Status: Draft
Likelihood: Medium
Severity: High

Description

An adversary obtains (i.e. steals or purchases) legitimate Kerberos credentials (e.g. Kerberos service account userID/password or Kerberos Tickets) with the goal of achieving authenticated access to additional systems, applications, or services within the domain. Metadata: standard CAPEC pattern, status draft, likelihood medium, severity high. Underlying weaknesses: CWE-522, CWE-307, CWE-308, CWE-309, CWE-262 (and 4 more). Mapped ATT&CK technique: T1558. Related CAPEC patterns: CAPEC-560, CAPEC-151.

Related weaknesses · 9

CWE-522, CWE-307, CWE-308, CWE-309, CWE-262, CWE-263, CWE-654, CWE-294, CWE-836

MITRE ATT&CK crosswalk · 1

T1558: Steal or Forge Kerberos Tickets

Related attack patterns · 2

CAPEC-560 (ChildOf), CAPEC-151 (CanPrecede)

Exploits · 9

| Type | Target | ID | Confidence | Tier |
|---|---|---|---|---|
| Weakness | Use of Single-factor Authentication | cwe-308 | 100% | live |
| Weakness | Authentication Bypass by Capture-replay | cwe-294 | 100% | live |
| Weakness | Password Aging with Long Expiration | cwe-263 | 100% | live |
| Weakness | Use of Password System for Primary Authentication | cwe-309 | 100% | live |
| Weakness | Use of Password Hash Instead of Password for Authentication | cwe-836 | 100% | live |
| Weakness | Insufficiently Protected Credentials | cwe-522 | 100% | live |
| Weakness | Reliance on a Single Factor in a Security Decision | cwe-654 | 100% | live |
| Weakness | Improper Restriction of Excessive Authentication Attempts | cwe-307 | 100% | live |
| Weakness | Not Using Password Aging | cwe-262 | 100% | live |

Related to · 1

| Type | Target | ID | Confidence | Tier |
|---|---|---|---|---|
| Technique | Steal or Forge Kerberos Tickets | t1558 | 100% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Use of Known Domain Credentials
CAPEC: Use of Known Operating System Credentials
CAPEC: Use of Captured Tickets (Pass The Ticket)
CAPEC: Kerberoasting
CAPEC: Capture Credentials via Keylogger
CAPEC: Windows Admin Shares with Stolen Credentials

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.