CWE-522
Allowed-with-ReviewInsufficiently Protected Credentials
Abstraction: Class · Status: Incomplete
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
1811 vulnerabilities reference this CWE, most recent first.
GHSA-QV37-MFJF-42H8
Vulnerability from github – Published: 2022-10-25 19:00 – Updated: 2022-10-31 16:00The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "pulp-ansible"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.15.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-3644"
],
"database_specific": {
"cwe_ids": [
"CWE-256",
"CWE-522"
],
"github_reviewed": true,
"github_reviewed_at": "2022-10-25T22:28:13Z",
"nvd_published_at": "2022-10-25T18:15:00Z",
"severity": "MODERATE"
},
"details": "The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp\u0027s encrypted field and exposes them in read/write mode via the API () instead of marking it as write only. ",
"id": "GHSA-qv37-mfjf-42h8",
"modified": "2022-10-31T16:00:21Z",
"published": "2022-10-25T19:00:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3644"
},
{
"type": "WEB",
"url": "https://github.com/pulp/pulp_ansible/issues/1221"
},
{
"type": "WEB",
"url": "https://github.com/pulp/pulp_ansible/commit/d13c427b09482a7f598d8ee597d17a8a34888665"
},
{
"type": "PACKAGE",
"url": "https://github.com/pulp/pulp_ansible"
},
{
"type": "WEB",
"url": "https://github.com/pulp/pulp_ansible/blob/main/pulp_ansible/app/models.py#L234"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Plaintext storage of tokens in pulp_ansible"
}
GHSA-QV6Q-X9VR-W7J3
Vulnerability from github – Published: 2022-02-16 00:01 – Updated: 2023-10-27 19:14Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier includes password parameters from the original build in replayed builds.
This allows attackers with Run/Replay permission to obtain the values of password parameters passed to previous builds of a Pipeline.
Pipeline: Groovy Plugin 2656.vf7a_e7b_75a_457 does not allow builds containing password parameters to be replayed.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2648.va9433432b33c"
},
"package": {
"ecosystem": "Maven",
"name": "org.jenkins-ci.plugins.workflow:workflow-cps"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2656.vf7a_e7b_75a_457"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-25180"
],
"database_specific": {
"cwe_ids": [
"CWE-319",
"CWE-522"
],
"github_reviewed": true,
"github_reviewed_at": "2022-06-20T22:47:17Z",
"nvd_published_at": "2022-02-15T17:15:00Z",
"severity": "MODERATE"
},
"details": "Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier includes password parameters from the original build in replayed builds.\n\nThis allows attackers with Run/Replay permission to obtain the values of password parameters passed to previous builds of a Pipeline.\n\nPipeline: Groovy Plugin 2656.vf7a_e7b_75a_457 does not allow builds containing password parameters to be replayed.",
"id": "GHSA-qv6q-x9vr-w7j3",
"modified": "2023-10-27T19:14:18Z",
"published": "2022-02-16T00:01:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25180"
},
{
"type": "WEB",
"url": "https://github.com/jenkinsci/workflow-cps-plugin/commit/886676efdd711e126307ec70a539f2fe613151f9"
},
{
"type": "WEB",
"url": "https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2443"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Jenkins Pipeline: Groovy Plugin has Insufficiently Protected Credentials"
}
GHSA-QVFV-5H6H-R46W
Vulnerability from github – Published: 2022-05-24 16:54 – Updated: 2024-04-04 01:46Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database.
{
"affected": [],
"aliases": [
"CVE-2019-13421"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-522"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-08-23T14:15:00Z",
"severity": "MODERATE"
},
"details": "Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database.",
"id": "GHSA-qvfv-5h6h-r46w",
"modified": "2024-04-04T01:46:43Z",
"published": "2022-05-24T16:54:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13421"
},
{
"type": "WEB",
"url": "https://docs.search-guard.com/6.x-23/changelog-searchguard-6-x-23_1"
},
{
"type": "WEB",
"url": "https://search-guard.com/cve-advisory"
},
{
"type": "WEB",
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SySS-2018-025.txt"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QVJR-X8FW-HGHV
Vulnerability from github – Published: 2022-05-24 17:39 – Updated: 2023-10-27 13:26Jenkins TraceTronic ECU-TEST Plugin 2.23.1 and earlier stores credentials unencrypted in its global configuration file de.tracetronic.jenkins.plugins.ecutest.report.atx.installation.ATXInstallation.xml on the Jenkins controller as part of its configuration.
These credentials can be viewed by users with access to the Jenkins controller file system.
Jenkins TraceTronic ECU-TEST Plugin 2.24 adds a new option type for sensitive options. Previously stored credentials are migrated to that option type on Jenkins startup.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.23.1"
},
"package": {
"ecosystem": "Maven",
"name": "de.tracetronic.jenkins.plugins:ecutest"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.24"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-21612"
],
"database_specific": {
"cwe_ids": [
"CWE-522"
],
"github_reviewed": true,
"github_reviewed_at": "2022-12-13T18:50:23Z",
"nvd_published_at": "2021-01-13T16:15:00Z",
"severity": "MODERATE"
},
"details": "Jenkins TraceTronic ECU-TEST Plugin 2.23.1 and earlier stores credentials unencrypted in its global configuration file `de.tracetronic.jenkins.plugins.ecutest.report.atx.installation.ATXInstallation.xml` on the Jenkins controller as part of its configuration.\n\nThese credentials can be viewed by users with access to the Jenkins controller file system.\n\nJenkins TraceTronic ECU-TEST Plugin 2.24 adds a new option type for sensitive options. Previously stored credentials are migrated to that option type on Jenkins startup.",
"id": "GHSA-qvjr-x8fw-hghv",
"modified": "2023-10-27T13:26:54Z",
"published": "2022-05-24T17:39:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21612"
},
{
"type": "PACKAGE",
"url": "https://github.com/jenkinsci/ecutest-plugin"
},
{
"type": "WEB",
"url": "https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2057"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Credentials stored in plain text by Jenkins TraceTronic ECU-TEST Plugin"
}
GHSA-QVQC-4C52-X6QP
Vulnerability from github – Published: 2026-06-26 22:43 – Updated: 2026-06-26 22:43Credentials for a registry may be inadvertently leaked to external servers. A prerequisite for this attack is a malicious registry server, a malicious blob store, or a registry that does not restrict the external URLs for foreign blobs.
Example attack
A malicious registry serves an OCI image manifest containing a layer descriptor with a urls field pointing to an attacker controlled host:
{
"mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
"digest": "sha256:...",
"size": 1024,
"urls": ["https://malicious.example.org/blobs/sha256/..."]
}
When regclient fetches the image and the primary blob request to the registry fails, it falls back to the URLs in the layer descriptor. If the external server requests authentication, regclient would send the credentials for the original registry server.
Timeline
- 2026-05-25: Advisory submitted
- 2026-05-26: Fix released
Credit
Theodoros Lampropoulos, Threat Detection Engineer, Odyssey Cyber Security
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.11.4"
},
"package": {
"ecosystem": "Go",
"name": "github.com/regclient/regclient"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.11.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-49349"
],
"database_specific": {
"cwe_ids": [
"CWE-522"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-26T22:43:31Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "Credentials for a registry may be inadvertently leaked to external servers. A prerequisite for this attack is a malicious registry server, a malicious blob store, or a registry that does not restrict the external URLs for foreign blobs.\n\n## Example attack\n\nA malicious registry serves an OCI image manifest containing a layer descriptor with a `urls` field pointing to an attacker controlled host:\n\n```json\n{\n \"mediaType\": \"application/vnd.oci.image.layer.v1.tar+gzip\",\n \"digest\": \"sha256:...\",\n \"size\": 1024,\n \"urls\": [\"https://malicious.example.org/blobs/sha256/...\"]\n}\n```\n\nWhen regclient fetches the image and the primary blob request to the registry fails, it falls back to the URLs in the layer descriptor. If the external server requests authentication, regclient would send the credentials for the original registry server.\n\n## Timeline\n\n- 2026-05-25: Advisory submitted\n- 2026-05-26: Fix released\n\n## Credit\n\nTheodoros Lampropoulos, Threat Detection Engineer, Odyssey Cyber Security",
"id": "GHSA-qvqc-4c52-x6qp",
"modified": "2026-06-26T22:43:31Z",
"published": "2026-06-26T22:43:31Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/regclient/regclient/security/advisories/GHSA-qvqc-4c52-x6qp"
},
{
"type": "PACKAGE",
"url": "https://github.com/regclient/regclient"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "regclient may leak authentication credentials to external blob stores"
}
GHSA-QVXH-RXM2-VQ3P
Vulnerability from github – Published: 2024-10-23 00:31 – Updated: 2024-10-23 00:31Kieback & Peter's DDC4000 series has an insufficiently protected credentials vulnerability, which may allow an unauthenticated attacker with access to /etc/passwd to read the password hashes of all users on the system.
{
"affected": [],
"aliases": [
"CVE-2024-43812"
],
"database_specific": {
"cwe_ids": [
"CWE-522"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-22T22:15:05Z",
"severity": "HIGH"
},
"details": "Kieback \u0026 Peter\u0027s DDC4000 series\u00a0has an insufficiently protected credentials vulnerability, which may allow an unauthenticated attacker with access to /etc/passwd to read the password hashes of all users on the system.",
"id": "GHSA-qvxh-rxm2-vq3p",
"modified": "2024-10-23T00:31:44Z",
"published": "2024-10-23T00:31:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43812"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-291-05"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-QW73-X9XV-6CCH
Vulnerability from github – Published: 2025-01-30 00:31 – Updated: 2025-01-31 21:32Password Vulnerability in Safety production process management system v1.0 allows a remote attacker to escalate privileges, execute arbitrary code and obtain sensitive information via the password and account number parameters.
{
"affected": [],
"aliases": [
"CVE-2024-57395"
],
"database_specific": {
"cwe_ids": [
"CWE-522"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-29T22:15:29Z",
"severity": "CRITICAL"
},
"details": "Password Vulnerability in Safety production process management system v1.0 allows a remote attacker to escalate privileges, execute arbitrary code and obtain sensitive information via the password and account number parameters.",
"id": "GHSA-qw73-x9xv-6cch",
"modified": "2025-01-31T21:32:46Z",
"published": "2025-01-30T00:31:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57395"
},
{
"type": "WEB",
"url": "https://github.com/qtxz54/Vul/blob/main/WeakPasswd/Safety-production-process-management-system.md"
},
{
"type": "WEB",
"url": "http://www.hzzcka.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QXJ7-7WH4-C9PF
Vulnerability from github – Published: 2026-07-01 00:34 – Updated: 2026-07-01 15:35Inappropriate implementation in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
{
"affected": [],
"aliases": [
"CVE-2026-14019"
],
"database_specific": {
"cwe_ids": [
"CWE-522"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-30T23:17:14Z",
"severity": "MODERATE"
},
"details": "Inappropriate implementation in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)",
"id": "GHSA-qxj7-7wh4-c9pf",
"modified": "2026-07-01T15:35:07Z",
"published": "2026-07-01T00:34:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-14019"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/517455455"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QXPV-RXQ7-RG72
Vulnerability from github – Published: 2023-07-12 18:30 – Updated: 2025-06-09 15:31An issue was discovered in Keeper Password Manager for Desktop version 16.10.2, and the KeeperFill Browser Extensions version 16.5.4, allows local attackers to gain sensitive information via plaintext password storage in memory after the user is already logged in, and may persist after logout.
{
"affected": [],
"aliases": [
"CVE-2023-36266"
],
"database_specific": {
"cwe_ids": [
"CWE-522"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-12T16:15:12Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in Keeper Password Manager for Desktop version 16.10.2, and the KeeperFill Browser Extensions version 16.5.4, allows local attackers to gain sensitive information via plaintext password storage in memory after the user is already logged in, and may persist after logout.",
"id": "GHSA-qxpv-rxq7-rg72",
"modified": "2025-06-09T15:31:35Z",
"published": "2023-07-12T18:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36266"
},
{
"type": "WEB",
"url": "https://docs.keeper.io/en/enterprise-guide/keeper-forcefield"
},
{
"type": "WEB",
"url": "https://docs.keeper.io/en/release-notes/desktop/web-vault-+-desktop-app/vault-release-17.2"
},
{
"type": "WEB",
"url": "https://harkenzo.tlstickle.com/2023-06-12-Keeper-Password-Dumping"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/173809/Keeper-Security-Desktop-16.10.2-Browser-Extension-16.5.4-Password-Dumper.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QXWM-C26V-RVWG
Vulnerability from github – Published: 2024-05-14 18:31 – Updated: 2024-05-14 18:31Insufficiently protected credentials in GE HealthCare EchoPAC products
{
"affected": [],
"aliases": [
"CVE-2024-27109"
],
"database_specific": {
"cwe_ids": [
"CWE-522"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-14T17:15:58Z",
"severity": "HIGH"
},
"details": "Insufficiently protected credentials in GE HealthCare EchoPAC products",
"id": "GHSA-qxwm-c26v-rvwg",
"modified": "2024-05-14T18:31:03Z",
"published": "2024-05-14T18:31:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27109"
},
{
"type": "WEB",
"url": "https://securityupdate.gehealthcare.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Use an appropriate security mechanism to protect the credentials.
Mitigation
Make appropriate use of cryptography to protect the credentials.
Mitigation
Use industry standards to protect the credentials (e.g. LDAP, keystore, etc.).
CAPEC-102: Session Sidejacking
Session sidejacking takes advantage of an unencrypted communication channel between a victim and target system. The attacker sniffs traffic on a network looking for session tokens in unencrypted traffic. Once a session token is captured, the attacker performs malicious actions by using the stolen token with the targeted application to impersonate the victim. This attack is a specific method of session hijacking, which is exploiting a valid session token to gain unauthorized access to a target system or information. Other methods to perform a session hijacking are session fixation, cross-site scripting, or compromising a user or server machine and stealing the session token.
CAPEC-474: Signature Spoofing by Key Theft
An attacker obtains an authoritative or reputable signer's private signature key by theft and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
CAPEC-50: Password Recovery Exploitation
An attacker may take advantage of the application feature to help users recover their forgotten passwords in order to gain access into the system with the same privileges as the original user. Generally password recovery schemes tend to be weak and insecure.
CAPEC-509: Kerberoasting
Through the exploitation of how service accounts leverage Kerberos authentication with Service Principal Names (SPNs), the adversary obtains and subsequently cracks the hashed credentials of a service account target to exploit its privileges. The Kerberos authentication protocol centers around a ticketing system which is used to request/grant access to services and to then access the requested services. As an authenticated user, the adversary may request Active Directory and obtain a service ticket with portions encrypted via RC4 with the private key of the authenticated account. By extracting the local ticket and saving it disk, the adversary can brute force the hashed value to reveal the target account credentials.
CAPEC-551: Modify Existing Service
When an operating system starts, it also starts programs called services or daemons. Modifying existing services may break existing services or may enable services that are disabled/not commonly used.
CAPEC-555: Remote Services with Stolen Credentials
This pattern of attack involves an adversary that uses stolen credentials to leverage remote services such as RDP, telnet, SSH, and VNC to log into a system. Once access is gained, any number of malicious activities could be performed.
CAPEC-560: Use of Known Domain Credentials
An adversary guesses or obtains (i.e. steals or purchases) legitimate credentials (e.g. userID/password) to achieve authentication and to perform authorized actions under the guise of an authenticated user or service.
CAPEC-561: Windows Admin Shares with Stolen Credentials
An adversary guesses or obtains (i.e. steals or purchases) legitimate Windows administrator credentials (e.g. userID/password) to access Windows Admin Shares on a local machine or within a Windows domain.
CAPEC-600: Credential Stuffing
An adversary tries known username/password combinations against different systems, applications, or services to gain additional authenticated access. Credential Stuffing attacks rely upon the fact that many users leverage the same username/password combination for multiple systems, applications, and services.
CAPEC-644: Use of Captured Hashes (Pass The Hash)
An adversary obtains (i.e. steals or purchases) legitimate Windows domain credential hash values to access systems within the domain that leverage the Lan Man (LM) and/or NT Lan Man (NTLM) authentication protocols.
CAPEC-645: Use of Captured Tickets (Pass The Ticket)
An adversary uses stolen Kerberos tickets to access systems/resources that leverage the Kerberos authentication protocol. The Kerberos authentication protocol centers around a ticketing system which is used to request/grant access to services and to then access the requested services. An adversary can obtain any one of these tickets (e.g. Service Ticket, Ticket Granting Ticket, Silver Ticket, or Golden Ticket) to authenticate to a system/resource without needing the account's credentials. Depending on the ticket obtained, the adversary may be able to access a particular resource or generate TGTs for any account within an Active Directory Domain.
CAPEC-652: Use of Known Kerberos Credentials
An adversary obtains (i.e. steals or purchases) legitimate Kerberos credentials (e.g. Kerberos service account userID/password or Kerberos Tickets) with the goal of achieving authenticated access to additional systems, applications, or services within the domain.
CAPEC-653: Use of Known Operating System Credentials
An adversary guesses or obtains (i.e. steals or purchases) legitimate operating system credentials (e.g. userID/password) to achieve authentication and to perform authorized actions on the system, under the guise of an authenticated user or service. This applies to any Operating System.