Standardlikelihood: Highseverity: HighDraft

CAPEC-653Use of Known Operating System Credentials

Abstraction
Standard
Status
Draft
Likelihood
High
Severity
High

Description

An adversary guesses or obtains (i.e. steals or purchases) legitimate operating system credentials (e.g. userID/password) to achieve authentication and to perform authorized actions on the system, under the guise of an authenticated user or service. This applies to any Operating System. Metadata: standard CAPEC pattern, status draft, likelihood high, severity high. Underlying weaknesses: CWE-522, CWE-307, CWE-308, CWE-309, CWE-262 (and 2 more). Related CAPEC patterns: [object Object], [object Object].

Related weaknesses· 7

CWE-522CWE-307CWE-308CWE-309CWE-262CWE-263CWE-654

Related attack patterns· 2

CAPEC-560 (ChildOf)CAPEC-151 (CanPrecede)

Exploits7

TypeTargetConfidenceTier
WeaknessReliance on a Single Factor in a Security Decisioncwe-654100%live
WeaknessNot Using Password Agingcwe-262100%live
WeaknessImproper Restriction of Excessive Authentication Attemptscwe-307100%live
WeaknessPassword Aging with Long Expirationcwe-263100%live
WeaknessUse of Password System for Primary Authenticationcwe-309100%live
WeaknessInsufficiently Protected Credentialscwe-522100%live
WeaknessUse of Single-factor Authenticationcwe-308100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
Use of Known Domain Credentials
CAPEC
Use of Known Kerberos Credentials
CAPEC
Windows Admin Shares with Stolen Credentials
CAPEC
Credential Prompt Impersonation
CAPEC
Capture Credentials via Keylogger
CAPEC
Remote Services with Stolen Credentials
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.