Windows Admin Shares with Stolen Credentials |
CWE-262
|
Not Using Password Aging
|
CWE-263
|
Password Aging with Long Expiration
|
CWE-294
|
Authentication Bypass by Capture-replay
|
CWE-308
|
Use of Single-factor Authentication
|
CWE-309
|
Use of Password System for Primary Authentication
|
CWE-521
|
Weak Password Requirements
|
CWE-522
|
Insufficiently Protected Credentials
|
|
Use of Captured Hashes (Pass The Hash) |
CWE-294
|
Authentication Bypass by Capture-replay
|
CWE-308
|
Use of Single-factor Authentication
|
CWE-308
|
Use of Single-factor Authentication
|
CWE-522
|
Insufficiently Protected Credentials
|
CWE-836
|
Use of Password Hash Instead of Password for Authentication
|
|
Modify Existing Service |
CWE-284
|
Improper Access Control
|
CWE-522
|
Insufficiently Protected Credentials
|
|
Use of Known Windows Credentials |
CWE-262
|
Not Using Password Aging
|
CWE-263
|
Password Aging with Long Expiration
|
CWE-307
|
Improper Restriction of Excessive Authentication Attempts
|
CWE-308
|
Use of Single-factor Authentication
|
CWE-309
|
Use of Password System for Primary Authentication
|
CWE-522
|
Insufficiently Protected Credentials
|
CWE-654
|
Reliance on a Single Factor in a Security Decision
|
|
Signature Spoofing by Key Theft |
CWE-522
|
Insufficiently Protected Credentials
|
|
Password Recovery Exploitation |
CWE-522
|
Insufficiently Protected Credentials
|
CWE-640
|
Weak Password Recovery Mechanism for Forgotten Password
|
CWE-718
|
OWASP Top Ten 2007 Category A7 - Broken Authentication and Session Management
|
|
Kerberoasting |
CWE-262
|
Not Using Password Aging
|
CWE-263
|
Password Aging with Long Expiration
|
CWE-294
|
Authentication Bypass by Capture-replay
|
CWE-308
|
Use of Single-factor Authentication
|
CWE-309
|
Use of Password System for Primary Authentication
|
CWE-521
|
Weak Password Requirements
|
CWE-522
|
Insufficiently Protected Credentials
|
|
Remote Services with Stolen Credentials |
CWE-262
|
Not Using Password Aging
|
CWE-263
|
Password Aging with Long Expiration
|
CWE-294
|
Authentication Bypass by Capture-replay
|
CWE-308
|
Use of Single-factor Authentication
|
CWE-309
|
Use of Password System for Primary Authentication
|
CWE-521
|
Weak Password Requirements
|
CWE-522
|
Insufficiently Protected Credentials
|
|
Use of Known Domain Credentials |
CWE-262
|
Not Using Password Aging
|
CWE-263
|
Password Aging with Long Expiration
|
CWE-307
|
Improper Restriction of Excessive Authentication Attempts
|
CWE-308
|
Use of Single-factor Authentication
|
CWE-309
|
Use of Password System for Primary Authentication
|
CWE-522
|
Insufficiently Protected Credentials
|
CWE-654
|
Reliance on a Single Factor in a Security Decision
|
CWE-1273
|
Device Unlock Credential Sharing
|
|
Session Sidejacking |
CWE-294
|
Authentication Bypass by Capture-replay
|
CWE-319
|
Cleartext Transmission of Sensitive Information
|
CWE-522
|
Insufficiently Protected Credentials
|
CWE-523
|
Unprotected Transport of Credentials
|
CWE-614
|
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
|
|
Credential Stuffing |
CWE-262
|
Not Using Password Aging
|
CWE-263
|
Password Aging with Long Expiration
|
CWE-307
|
Improper Restriction of Excessive Authentication Attempts
|
CWE-308
|
Use of Single-factor Authentication
|
CWE-309
|
Use of Password System for Primary Authentication
|
CWE-522
|
Insufficiently Protected Credentials
|
CWE-654
|
Reliance on a Single Factor in a Security Decision
|
|
Use of Captured Tickets (Pass The Ticket) |
CWE-294
|
Authentication Bypass by Capture-replay
|
CWE-308
|
Use of Single-factor Authentication
|
CWE-522
|
Insufficiently Protected Credentials
|
|
Use of Known Kerberos Credentials |
CWE-262
|
Not Using Password Aging
|
CWE-263
|
Password Aging with Long Expiration
|
CWE-294
|
Authentication Bypass by Capture-replay
|
CWE-307
|
Improper Restriction of Excessive Authentication Attempts
|
CWE-308
|
Use of Single-factor Authentication
|
CWE-309
|
Use of Password System for Primary Authentication
|
CWE-522
|
Insufficiently Protected Credentials
|
CWE-654
|
Reliance on a Single Factor in a Security Decision
|
CWE-836
|
Use of Password Hash Instead of Password for Authentication
|
|