CWE-307
AllowedImproper Restriction of Excessive Authentication Attempts
Abstraction: Base · Status: Draft
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.
905 vulnerabilities reference this CWE, most recent first.
GHSA-C55X-J339-WQ86
Vulnerability from github – Published: 2024-11-12 15:30 – Updated: 2024-11-12 15:30A vulnerability was found in Digistar AG-30 Plus 2.6b. It has been classified as problematic. Affected is an unknown function of the component Login Page. The manipulation leads to improper restriction of excessive authentication attempts. The complexity of an attack is rather high. The exploitability is told to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2024-11126"
],
"database_specific": {
"cwe_ids": [
"CWE-307"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-12T15:15:06Z",
"severity": "LOW"
},
"details": "A vulnerability was found in Digistar AG-30 Plus 2.6b. It has been classified as problematic. Affected is an unknown function of the component Login Page. The manipulation leads to improper restriction of excessive authentication attempts. The complexity of an attack is rather high. The exploitability is told to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-c55x-j339-wq86",
"modified": "2024-11-12T15:30:43Z",
"published": "2024-11-12T15:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11126"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.283974"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.283974"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.437096"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-C69X-5XMW-V44X
Vulnerability from github – Published: 2024-03-06 15:25 – Updated: 2025-04-10 23:07Summary
Here it is observed that the CasaOS doesn't defend against password brute force attacks, which leads to having full access to the server.
Details
The web application lacks control over the login attempts i.e. why attacker can use a password brute force attack to find and get full access over the.
PoC
- Capture login request in proxy tool like Burp Suite and select password field.
- Here I have started attack with total number of 271 password tries where the last one is the correct password and as we can see in the following image we get a 400 Bad Request status code with the message "Invalid Password" and response length 769 on 1st request which was sent at Tue, 16 Jan 2024 18:31:32 GMT

Note: We have tested this vulnerability with more than 3400 tries. We have used 271 request counts just for demo purposes.
- Here the attack is completed and we can see in the following image we get 200 OK status code with the message "Ok" and response length 1509 on 271st request which was sent at Tue, 16 Jan 2024 18:32:01 GMT.

This means attacker can try 271 requests in 56 seconds.
Impact
This vulnerability allows attackers to get super user-level access over the server.
Mitigation
It is recommended to implement a proper rate-limiting mechanism on the server side where the configuration might be like: If a specific IP address fails to login more than 5 times concurrently then that IP address must be blocked for at least 30 seconds. This will reduce the possibility of password brute-forcing attacks.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/IceWhaleTech/CasaOS-UserService"
},
"ranges": [
{
"events": [
{
"introduced": "0.4.4.3"
},
{
"fixed": "0.4.7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-24767"
],
"database_specific": {
"cwe_ids": [
"CWE-307"
],
"github_reviewed": true,
"github_reviewed_at": "2024-03-06T15:25:08Z",
"nvd_published_at": "2024-03-06T18:15:46Z",
"severity": "HIGH"
},
"details": "### Summary\nHere it is observed that the CasaOS doesn\u0027t defend against password brute force attacks, which leads to having full access to the server.\n\n### Details\nThe web application lacks control over the login attempts i.e. why attacker can use a password brute force attack to find and get full access over the.\n\n### PoC\n1. Capture login request in proxy tool like Burp Suite and select password field.\n\n\n\n2. Here I have started attack with total number of 271 password tries where the last one is the correct password and as we can see in the following image we get a **400 Bad Request** status code with the message \"**Invalid Password**\" and response length **769** on 1st request which was sent at **_Tue, 16 Jan 2024 18:31:32 GMT_**\n\n\n\n**Note**: _We have tested this vulnerability with more than 3400 tries. We have used 271 request counts just for demo purposes._\n\n\n3. Here the attack is completed and we can see in the following image we get **200 OK** status code with the message \"**Ok**\" and response length **1509** on 271st request which was sent at **_Tue, 16 Jan 2024 18:32:01 GMT_**.\n\n\n\nThis means attacker can try 271 requests in 56 seconds.\n\n### Impact\nThis vulnerability allows attackers to get super user-level access over the server.\n\n\n### Mitigation\nIt is recommended to implement a proper rate-limiting mechanism on the server side where the configuration might be like:\nIf a specific IP address fails to login more than 5 times concurrently then that IP address must be blocked for at least 30 seconds. This will reduce the possibility of password brute-forcing attacks.",
"id": "GHSA-c69x-5xmw-v44x",
"modified": "2025-04-10T23:07:21Z",
"published": "2024-03-06T15:25:08Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/IceWhaleTech/CasaOS-UserService/security/advisories/GHSA-c69x-5xmw-v44x"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24767"
},
{
"type": "WEB",
"url": "https://github.com/IceWhaleTech/CasaOS-UserService/commit/62006f61b55951048dbace4ebd9e483274838699"
},
{
"type": "PACKAGE",
"url": "https://github.com/IceWhaleTech/CasaOS-UserService"
},
{
"type": "WEB",
"url": "https://github.com/IceWhaleTech/CasaOS-UserService/releases/tag/v0.4.7"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2024-2614"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "CasaOS Improper Restriction of Excessive Authentication Attempts vulnerability"
}
GHSA-C6GR-MFC7-Q7H7
Vulnerability from github – Published: 2022-05-13 01:49 – Updated: 2022-05-13 01:49An issue was discovered in app/Controller/UsersController.php in MISP 2.4.92. An adversary can bypass the brute-force protection by using a PUT HTTP method instead of a POST HTTP method in the login part, because this protection was only covering POST requests.
{
"affected": [],
"aliases": [
"CVE-2018-12649"
],
"database_specific": {
"cwe_ids": [
"CWE-307"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-06-22T14:29:00Z",
"severity": "CRITICAL"
},
"details": "An issue was discovered in app/Controller/UsersController.php in MISP 2.4.92. An adversary can bypass the brute-force protection by using a PUT HTTP method instead of a POST HTTP method in the login part, because this protection was only covering POST requests.",
"id": "GHSA-c6gr-mfc7-q7h7",
"modified": "2022-05-13T01:49:37Z",
"published": "2022-05-13T01:49:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12649"
},
{
"type": "WEB",
"url": "https://github.com/MISP/MISP/commit/6ffacc1e239930e0e8464d0ca16e432e26cf36a9"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C7Q6-PRXW-FGX7
Vulnerability from github – Published: 2024-01-22 18:31 – Updated: 2024-01-22 18:31The Omron FINS protocol has an authenticated feature to prevent access to memory regions. Authentication is susceptible to bruteforce attack, which may allow an adversary to gain access to protected memory. This access can allow overwrite of values including programmed logic.
{
"affected": [],
"aliases": [
"CVE-2022-45790"
],
"database_specific": {
"cwe_ids": [
"CWE-307"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-22T18:15:19Z",
"severity": "HIGH"
},
"details": "The Omron FINS protocol has an authenticated feature to prevent access to memory regions. Authentication is susceptible to bruteforce attack, which may allow an adversary to gain access to protected memory. This access can allow overwrite of values including programmed logic.",
"id": "GHSA-c7q6-prxw-fgx7",
"modified": "2024-01-22T18:31:16Z",
"published": "2024-01-22T18:31:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45790"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-05"
},
{
"type": "WEB",
"url": "https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access"
},
{
"type": "WEB",
"url": "https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2023-010_en.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-C83P-437R-FPV6
Vulnerability from github – Published: 2022-05-25 00:00 – Updated: 2022-06-09 00:00A vulnerability classified as critical was found in Telecommunication Software SAMwin Contact Center Suite 5.1. This vulnerability affects the function passwordScramble in the library SAMwinLIBVB.dll of the component Password Handler. Incorrect implementation of a hashing function leads to predictable authentication possibilities. Upgrading to version 6.2 is able to address this issue. It is recommended to upgrade the affected component.
{
"affected": [],
"aliases": [
"CVE-2013-10004"
],
"database_specific": {
"cwe_ids": [
"CWE-307"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-24T16:15:00Z",
"severity": "CRITICAL"
},
"details": "A vulnerability classified as critical was found in Telecommunication Software SAMwin Contact Center Suite 5.1. This vulnerability affects the function passwordScramble in the library SAMwinLIBVB.dll of the component Password Handler. Incorrect implementation of a hashing function leads to predictable authentication possibilities. Upgrading to version 6.2 is able to address this issue. It is recommended to upgrade the affected component.",
"id": "GHSA-c83p-437r-fpv6",
"modified": "2022-06-09T00:00:19Z",
"published": "2022-05-25T00:00:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-10004"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.12790"
},
{
"type": "WEB",
"url": "http://www.modzero.ch/advisories/MZ-13-07_SAMwin_Collisions.txt"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C875-CGWJ-4FJW
Vulnerability from github – Published: 2022-05-24 19:18 – Updated: 2022-05-24 19:18GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is derived from the admin password, and may be useful in conducting a brute-force attack against that password.
{
"affected": [],
"aliases": [
"CVE-2021-42096"
],
"database_specific": {
"cwe_ids": [
"CWE-307"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-10-21T01:15:00Z",
"severity": "MODERATE"
},
"details": "GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is derived from the admin password, and may be useful in conducting a brute-force attack against that password.",
"id": "GHSA-c875-cgwj-4fjw",
"modified": "2022-05-24T19:18:31Z",
"published": "2022-05-24T19:18:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42096"
},
{
"type": "WEB",
"url": "https://bugs.launchpad.net/mailman/+bug/1947639"
},
{
"type": "WEB",
"url": "https://mail.python.org/archives/list/mailman-announce@python.org/thread/IKCO6JU755AP5G5TKMBJL6IEZQTTNPDQ"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4991"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/10/21/4"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-C8VC-VJPF-2FPH
Vulnerability from github – Published: 2022-05-17 19:57 – Updated: 2022-05-17 19:57The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based on OS time, which allows remote attackers to hijack arbitrary sessions via a brute force attack. NOTE: CVE-2014-10300 and CVE-2014-10400 were SPLIT from this ID.
{
"affected": [],
"aliases": [
"CVE-2014-2875"
],
"database_specific": {
"cwe_ids": [
"CWE-307"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-02-06T16:15:00Z",
"severity": "MODERATE"
},
"details": "The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based on OS time, which allows remote attackers to hijack arbitrary sessions via a brute force attack. NOTE: CVE-2014-10300 and CVE-2014-10400 were SPLIT from this ID.",
"id": "GHSA-c8vc-vjpf-2fph",
"modified": "2022-05-17T19:57:24Z",
"published": "2022-05-17T19:57:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2875"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2014/Apr/318"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/531981/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-C8XV-5VHV-HV2H
Vulnerability from github – Published: 2022-06-09 00:00 – Updated: 2022-06-22 00:00An issue was discovered in certain Verbatim drives through 2022-03-31. Due to an insecure design, they allow an offline brute-force attack for determining the correct passcode, and thus gaining unauthorized access to the stored encrypted data. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428 and Store 'n' Go Secure Portable HDD GD25LK01-3637-C VER4.0.
{
"affected": [],
"aliases": [
"CVE-2022-28384"
],
"database_specific": {
"cwe_ids": [
"CWE-307"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-08T16:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in certain Verbatim drives through 2022-03-31. Due to an insecure design, they allow an offline brute-force attack for determining the correct passcode, and thus gaining unauthorized access to the stored encrypted data. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428 and Store \u0027n\u0027 Go Secure Portable HDD GD25LK01-3637-C VER4.0.",
"id": "GHSA-c8xv-5vhv-hv2h",
"modified": "2022-06-22T00:00:54Z",
"published": "2022-06-09T00:00:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28384"
},
{
"type": "WEB",
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-001.txt"
},
{
"type": "WEB",
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-005.txt"
},
{
"type": "WEB",
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-043.txt"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/167481/Verbatim-Keypad-Secure-USB-3.2-Gen-1-Drive-Cryptography-Issue.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/167499/Verbatim-Store-N-Go-Secure-Portable-HDD-GD25LK01-3637-C-VER4.0-Risky-Crypto.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/Jun/17"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/Jun/8"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/Oct/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-C9VG-RVHJ-XXHH
Vulnerability from github – Published: 2026-02-07 21:30 – Updated: 2026-02-07 21:30A security flaw has been discovered in Tasin1025 SwiftBuy up to 0f5011372e8d1d7edfd642d57d721c9fadc54ec7. Affected by this vulnerability is an unknown functionality of the file /login.php. Performing a manipulation results in improper restriction of excessive authentication attempts. Remote exploitation of the attack is possible. The attack's complexity is rated as high. The exploitation appears to be difficult. The exploit has been released to the public and may be used for attacks. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2026-2110"
],
"database_specific": {
"cwe_ids": [
"CWE-307"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-07T20:15:56Z",
"severity": "MODERATE"
},
"details": "A security flaw has been discovered in Tasin1025 SwiftBuy up to 0f5011372e8d1d7edfd642d57d721c9fadc54ec7. Affected by this vulnerability is an unknown functionality of the file /login.php. Performing a manipulation results in improper restriction of excessive authentication attempts. Remote exploitation of the attack is possible. The attack\u0027s complexity is rated as high. The exploitation appears to be difficult. The exploit has been released to the public and may be used for attacks. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-c9vg-rvhj-xxhh",
"modified": "2026-02-07T21:30:18Z",
"published": "2026-02-07T21:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2110"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.344686"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.344686"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.746251"
},
{
"type": "WEB",
"url": "https://www.websecurityinsights.my.id/2026/01/swiftbuy-v-10-loginphp-no-limit-to.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-CCVQ-2HFM-57F3
Vulnerability from github – Published: 2024-01-11 21:31 – Updated: 2024-01-19 15:30The number of attempts to bring the Hozard Alarm system (alarmsystemen) v1.0 to a disarmed state is not limited. This could allow an attacker to perform a brute force on the SMS authentication, to bring the alarm system to a disarmed state.
{
"affected": [],
"aliases": [
"CVE-2023-50123"
],
"database_specific": {
"cwe_ids": [
"CWE-307"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-11T21:15:10Z",
"severity": "HIGH"
},
"details": "The number of attempts to bring the Hozard Alarm system (alarmsystemen) v1.0 to a disarmed state is not limited. This could allow an attacker to perform a brute force on the SMS authentication, to bring the alarm system to a disarmed state.",
"id": "GHSA-ccvq-2hfm-57f3",
"modified": "2024-01-19T15:30:18Z",
"published": "2024-01-11T21:31:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50123"
},
{
"type": "WEB",
"url": "https://www.secura.com/services/iot/consumer-products/security-concerns-in-popular-smart-home-devices"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
- Common protection mechanisms include:
- Disconnecting the user after a small number of failed attempts
- Implementing a timeout
- Locking out a targeted account
- Requiring a computational task on the user's part.
Mitigation MIT-4
Strategy: Libraries or Frameworks
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid [REF-1482].
- Consider using libraries with authentication capabilities such as OpenSSL or the ESAPI Authenticator. [REF-45]
CAPEC-16: Dictionary-based Password Attack
An attacker tries each of the words in a dictionary as passwords to gain access to the system via some user's account. If the password chosen by the user was a word within the dictionary, this attack will be successful (in the absence of other mitigations). This is a specific instance of the password brute forcing attack pattern.
Dictionary Attacks differ from similar attacks such as Password Spraying (CAPEC-565) and Credential Stuffing (CAPEC-600), since they leverage unknown username/password combinations and don't care about inducing account lockouts.
CAPEC-49: Password Brute Forcing
An adversary tries every possible value for a password until they succeed. A brute force attack, if feasible computationally, will always be successful because it will essentially go through all possible passwords given the alphabet used (lower case letters, upper case letters, numbers, symbols, etc.) and the maximum length of the password.
CAPEC-560: Use of Known Domain Credentials
An adversary guesses or obtains (i.e. steals or purchases) legitimate credentials (e.g. userID/password) to achieve authentication and to perform authorized actions under the guise of an authenticated user or service.
CAPEC-565: Password Spraying
In a Password Spraying attack, an adversary tries a small list (e.g. 3-5) of common or expected passwords, often matching the target's complexity policy, against a known list of user accounts to gain valid credentials. The adversary tries a particular password for each user account, before moving onto the next password in the list. This approach assists the adversary in remaining undetected by avoiding rapid or frequent account lockouts. The adversary may then reattempt the process with additional passwords, once enough time has passed to prevent inducing a lockout.
CAPEC-600: Credential Stuffing
An adversary tries known username/password combinations against different systems, applications, or services to gain additional authenticated access. Credential Stuffing attacks rely upon the fact that many users leverage the same username/password combination for multiple systems, applications, and services.
CAPEC-652: Use of Known Kerberos Credentials
An adversary obtains (i.e. steals or purchases) legitimate Kerberos credentials (e.g. Kerberos service account userID/password or Kerberos Tickets) with the goal of achieving authenticated access to additional systems, applications, or services within the domain.
CAPEC-653: Use of Known Operating System Credentials
An adversary guesses or obtains (i.e. steals or purchases) legitimate operating system credentials (e.g. userID/password) to achieve authentication and to perform authorized actions on the system, under the guise of an authenticated user or service. This applies to any Operating System.