CAPEC Related Weakness
Password Brute Forcing
CWE-257 Storing Passwords in a Recoverable Format
CWE-262 Not Using Password Aging
CWE-263 Password Aging with Long Expiration
CWE-307 Improper Restriction of Excessive Authentication Attempts
CWE-308 Use of Single-factor Authentication
CWE-309 Use of Password System for Primary Authentication
CWE-521 Weak Password Requirements
CWE-654 Reliance on a Single Factor in a Security Decision
Password Spraying
CWE-262 Not Using Password Aging
CWE-263 Password Aging with Long Expiration
CWE-307 Improper Restriction of Excessive Authentication Attempts
CWE-308 Use of Single-factor Authentication
CWE-309 Use of Password System for Primary Authentication
CWE-521 Weak Password Requirements
CWE-654 Reliance on a Single Factor in a Security Decision
Use of Known Windows Credentials
CWE-262 Not Using Password Aging
CWE-263 Password Aging with Long Expiration
CWE-307 Improper Restriction of Excessive Authentication Attempts
CWE-308 Use of Single-factor Authentication
CWE-309 Use of Password System for Primary Authentication
CWE-522 Insufficiently Protected Credentials
CWE-654 Reliance on a Single Factor in a Security Decision
Dictionary-based Password Attack
CWE-262 Not Using Password Aging
CWE-263 Password Aging with Long Expiration
CWE-307 Improper Restriction of Excessive Authentication Attempts
CWE-308 Use of Single-factor Authentication
CWE-309 Use of Password System for Primary Authentication
CWE-521 Weak Password Requirements
CWE-654 Reliance on a Single Factor in a Security Decision
Use of Known Domain Credentials
CWE-262 Not Using Password Aging
CWE-263 Password Aging with Long Expiration
CWE-307 Improper Restriction of Excessive Authentication Attempts
CWE-308 Use of Single-factor Authentication
CWE-309 Use of Password System for Primary Authentication
CWE-522 Insufficiently Protected Credentials
CWE-654 Reliance on a Single Factor in a Security Decision
CWE-1273 Device Unlock Credential Sharing
Credential Stuffing
CWE-262 Not Using Password Aging
CWE-263 Password Aging with Long Expiration
CWE-307 Improper Restriction of Excessive Authentication Attempts
CWE-308 Use of Single-factor Authentication
CWE-309 Use of Password System for Primary Authentication
CWE-522 Insufficiently Protected Credentials
CWE-654 Reliance on a Single Factor in a Security Decision
Use of Known Kerberos Credentials
CWE-262 Not Using Password Aging
CWE-263 Password Aging with Long Expiration
CWE-294 Authentication Bypass by Capture-replay
CWE-307 Improper Restriction of Excessive Authentication Attempts
CWE-308 Use of Single-factor Authentication
CWE-309 Use of Password System for Primary Authentication
CWE-522 Insufficiently Protected Credentials
CWE-654 Reliance on a Single Factor in a Security Decision
CWE-836 Use of Password Hash Instead of Password for Authentication