Common Weakness Enumeration

CWE-307

Allowed

Improper Restriction of Excessive Authentication Attempts

Abstraction: Base · Status: Draft

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.

905 vulnerabilities reference this CWE, most recent first.

GHSA-9528-X887-J2FP

Vulnerability from github – Published: 2026-03-31 23:59 – Updated: 2026-04-06 22:53
VLAI
Summary
OpenClaw's Nextcloud Talk webhook missing rate limiting on shared secret authentication
Details

Summary

Nextcloud Talk webhook signature failures were not throttled even though the integration relies on an operator-configured shared secret that may be weak.

Impact

An attacker who could reach the webhook endpoint could brute-force weak secrets online and then forge inbound webhook events.

Affected Component

extensions/nextcloud-talk/src/monitor.ts

Fixed Versions

  • Affected: <= 2026.3.24
  • Patched: >= 2026.3.28
  • Latest stable 2026.3.28 contains the fix.

Fix

Fixed by commit e403decb6e (nextcloud-talk: throttle repeated webhook auth failures).

OpenClaw thanks @AntAISecurityLab for reporting.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2026.3.24"
      },
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.3.28"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-33580"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-307"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-31T23:59:17Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "## Summary\n\nNextcloud Talk webhook signature failures were not throttled even though the integration relies on an operator-configured shared secret that may be weak.\n\n## Impact\n\nAn attacker who could reach the webhook endpoint could brute-force weak secrets online and then forge inbound webhook events.\n\n## Affected Component\n\n`extensions/nextcloud-talk/src/monitor.ts`\n\n## Fixed Versions\n\n- Affected: `\u003c= 2026.3.24`\n- Patched: `\u003e= 2026.3.28`\n- Latest stable `2026.3.28` contains the fix.\n\n## Fix\n\nFixed by commit `e403decb6e` (`nextcloud-talk: throttle repeated webhook auth failures`).\n\nOpenClaw thanks @AntAISecurityLab for reporting.",
  "id": "GHSA-9528-x887-j2fp",
  "modified": "2026-04-06T22:53:25Z",
  "published": "2026-03-31T23:59:17Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-9528-x887-j2fp"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33580"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/e403decb6e20091b5402780a7ccd2085f98aa3cd"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openclaw/openclaw"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.28"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/openclaw-brute-force-attack-via-missing-rate-limiting-on-webhook-shared-secret-authentication"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "OpenClaw\u0027s Nextcloud Talk webhook missing rate limiting on shared secret authentication"
}

GHSA-9598-6RG8-G969

Vulnerability from github – Published: 2026-06-06 06:30 – Updated: 2026-06-06 06:30
VLAI
Details

Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta allows Authentication Bypass.

This issue affects MyRezzta: from s2.03.01 before v2.05.01.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-2415"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-307"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-03T09:15:34Z",
    "severity": "HIGH"
  },
  "details": "Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta allows Authentication Bypass.\n\nThis issue affects MyRezzta: from s2.03.01 before v2.05.01.",
  "id": "GHSA-9598-6rg8-g969",
  "modified": "2026-06-06T06:30:27Z",
  "published": "2026-06-06T06:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2415"
    },
    {
      "type": "WEB",
      "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0205"
    },
    {
      "type": "WEB",
      "url": "https://www.usom.gov.tr/bildirim/tr-25-0205"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9825-85H5-5W5P

Vulnerability from github – Published: 2022-09-09 00:01 – Updated: 2022-09-14 00:00
VLAI
Details

The PlexTrac platform prior to version 1.17.0 does not restrict excessive authentication attempts for accounts configured to use the PlexTrac authentication provider. An unauthenticated remote attacker could perform a bruteforce attack on the login page with no time or attempt limitation in an attempt to obtain valid credentials for the platform users configured to use the PlexTrac authentication provider.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-37145"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-307"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-08T01:15:00Z",
    "severity": "HIGH"
  },
  "details": "The PlexTrac platform prior to version 1.17.0 does not restrict excessive authentication attempts for accounts configured to use the PlexTrac authentication provider. An unauthenticated remote attacker could perform a bruteforce attack on the login page with no time or attempt limitation in an attempt to obtain valid credentials for the platform users configured to use the PlexTrac authentication provider.",
  "id": "GHSA-9825-85h5-5w5p",
  "modified": "2022-09-14T00:00:46Z",
  "published": "2022-09-09T00:01:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37145"
    },
    {
      "type": "WEB",
      "url": "https://www.controlgap.com/blog/a-plextrac-story"
    },
    {
      "type": "WEB",
      "url": "http://plextrac.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-99F7-HP6J-V6Q4

Vulnerability from github – Published: 2025-07-16 12:30 – Updated: 2025-07-18 17:23
VLAI
Summary
Eclipse GlassFish is vulnerable to Login Brute Force attacks through unlimited failed login attempts
Details

In Eclipse GlassFish version 7.0.16 or earlier, it is possible to perform login brute force attacks as there is no limitation on the number of failed login attempts.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.glassfish.main.admingui:console-common"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "7.0.25"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-9342"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-307"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-07-18T17:23:26Z",
    "nvd_published_at": "2025-07-16T11:15:23Z",
    "severity": "MODERATE"
  },
  "details": "In Eclipse GlassFish version 7.0.16 or earlier, it is possible to perform login brute force attacks as there is no limitation on the number of failed login attempts.",
  "id": "GHSA-99f7-hp6j-v6q4",
  "modified": "2025-07-18T17:23:26Z",
  "published": "2025-07-16T12:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9342"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/eclipse-ee4j/glassfish"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/33"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/231"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Eclipse GlassFish is vulnerable to Login Brute Force attacks through unlimited failed login attempts"
}

GHSA-99F8-8X85-W7XG

Vulnerability from github – Published: 2023-04-13 21:30 – Updated: 2024-04-04 03:27
VLAI
Details

BlackVue DR750-2CH LTE v.1.012_2022.10.26 was discovered to contain a weak default passphrase which can be easily cracked via a brute force attack if the WPA2 handshake is intercepted.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-27746"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-307"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-13T20:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "BlackVue DR750-2CH LTE v.1.012_2022.10.26 was discovered to contain a weak default passphrase which can be easily cracked via a brute force attack if the WPA2 handshake is intercepted.",
  "id": "GHSA-99f8-8x85-w7xg",
  "modified": "2024-04-04T03:27:17Z",
  "published": "2023-04-13T21:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27746"
    },
    {
      "type": "WEB",
      "url": "https://blackvue.com"
    },
    {
      "type": "WEB",
      "url": "https://github.com/eyJhb/blackvue-cve-2022"
    },
    {
      "type": "WEB",
      "url": "https://github.com/eyJhb/blackvue-cve-2023"
    },
    {
      "type": "WEB",
      "url": "https://shop.blackvue.com/product/dr750-2ch-ir-lte"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9HCR-9HCV-X6PV

Vulnerability from github – Published: 2023-04-10 16:37 – Updated: 2025-03-07 19:09
VLAI
Summary
Flask-AppBuilder Has No Rate Limiting on Login AUTH DB
Details

Impact

Lack of rate limiting will allow an attacker to brute-force user credentials.

Patches

Ability to enable rate limiting on Flask-AppBuilder >= 4.3.0. Use AUTH_RATE_LIMITED = True and RATELIMIT_ENABLED = True set the limit itself by using AUTH_RATE_LIMIT. Will apply only to database authentication.

Workarounds

Implement rate limiting using a reverse proxy or other strategies.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "Flask-AppBuilder"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.3.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-29005"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-307"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-04-10T16:37:40Z",
    "nvd_published_at": "2023-04-10T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nLack of rate limiting will allow an attacker to brute-force user credentials.\n\n### Patches\nAbility to enable rate limiting on Flask-AppBuilder \u003e=  4.3.0. Use `AUTH_RATE_LIMITED = True` and `RATELIMIT_ENABLED = True` set the limit itself by using `AUTH_RATE_LIMIT`. Will apply only to database authentication.\n\n### Workarounds\nImplement rate limiting using a reverse proxy or other strategies.",
  "id": "GHSA-9hcr-9hcv-x6pv",
  "modified": "2025-03-07T19:09:34Z",
  "published": "2023-04-10T16:37:40Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-9hcr-9hcv-x6pv"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29005"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dpgaspar/Flask-AppBuilder/pull/1976"
    },
    {
      "type": "WEB",
      "url": "https://flask-limiter.readthedocs.io/en/stable/configuration.html"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/dpgaspar/Flask-AppBuilder"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v4.3.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Flask-AppBuilder Has No Rate Limiting on Login AUTH DB"
}

GHSA-9HP3-3V8X-GVHX

Vulnerability from github – Published: 2022-05-24 17:27 – Updated: 2026-06-02 21:30
VLAI
Details

A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions >= 14 and V < XX), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC HMI Mobile Panels (All versions), SIMATIC HMI United Comfort Panels (All versions). Affected devices insufficiently block excessive authentication attempts. This could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-15786"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-307"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-09-09T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions \u003e= 14 and V \u003c XX), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC HMI Mobile Panels (All versions), SIMATIC HMI United Comfort Panels (All versions). Affected devices insufficiently block excessive authentication attempts. This could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack.",
  "id": "GHSA-9hp3-3v8x-gvhx",
  "modified": "2026-06-02T21:30:30Z",
  "published": "2022-05-24T17:27:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15786"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-542525.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9JH8-XH9X-6W7F

Vulnerability from github – Published: 2026-03-03 21:31 – Updated: 2026-03-03 21:31
VLAI
Details

IBM DevOps Plan 3.0.0 through 3.0.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-36363"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-307"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-03T20:16:43Z",
    "severity": "MODERATE"
  },
  "details": "IBM DevOps Plan 3.0.0 through 3.0.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.",
  "id": "GHSA-9jh8-xh9x-6w7f",
  "modified": "2026-03-03T21:31:16Z",
  "published": "2026-03-03T21:31:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36363"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7261934"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9JW5-JRMV-GMVG

Vulnerability from github – Published: 2023-06-01 21:30 – Updated: 2024-04-04 04:28
VLAI
Details

The captive portal in Inpiazza Cloud WiFi versions prior to v4.2.17 does not enforce limits on the number of attempts for password recovery, allowing attackers to brute force valid user accounts to gain access to login credentials.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-33754"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-307"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-01T20:15:09Z",
    "severity": "MODERATE"
  },
  "details": "The captive portal in Inpiazza Cloud WiFi versions prior to v4.2.17 does not enforce limits on the number of attempts for password recovery, allowing attackers to brute force valid user accounts to gain access to login credentials.",
  "id": "GHSA-9jw5-jrmv-gmvg",
  "modified": "2024-04-04T04:28:02Z",
  "published": "2023-06-01T21:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33754"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Alkatraz97/CVEs/blob/main/CVE-2023-33754.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9M95-X9FM-78HH

Vulnerability from github – Published: 2024-02-16 12:30 – Updated: 2024-08-29 15:30
VLAI
Details

Dell RecoverPoint for Virtual Machines 5.3.x contains a brute force/dictionary attack vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to launch a brute force attack or a dictionary attack against the RecoverPoint login form. This allows attackers to brute-force the password of valid users in an automated manner.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-22425"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-307"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-16T12:15:07Z",
    "severity": "MODERATE"
  },
  "details": "\nDell RecoverPoint for Virtual Machines 5.3.x contains a brute force/dictionary attack vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to launch a brute force attack or a dictionary attack against the RecoverPoint login form. This allows attackers to brute-force the password of valid users in an automated manner.\n\n",
  "id": "GHSA-9m95-x9fm-78hh",
  "modified": "2024-08-29T15:30:30Z",
  "published": "2024-02-16T12:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22425"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000222133/dsa-2024-092-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-vulnerabilities"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000228154/dsa-2024-369-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design
  • Common protection mechanisms include:
  • Disconnecting the user after a small number of failed attempts
  • Implementing a timeout
  • Locking out a targeted account
  • Requiring a computational task on the user's part.
Mitigation MIT-4
Architecture and Design

Strategy: Libraries or Frameworks

  • Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid [REF-1482].
  • Consider using libraries with authentication capabilities such as OpenSSL or the ESAPI Authenticator. [REF-45]
CAPEC-16: Dictionary-based Password Attack

An attacker tries each of the words in a dictionary as passwords to gain access to the system via some user's account. If the password chosen by the user was a word within the dictionary, this attack will be successful (in the absence of other mitigations). This is a specific instance of the password brute forcing attack pattern.

Dictionary Attacks differ from similar attacks such as Password Spraying (CAPEC-565) and Credential Stuffing (CAPEC-600), since they leverage unknown username/password combinations and don't care about inducing account lockouts.

CAPEC-49: Password Brute Forcing

An adversary tries every possible value for a password until they succeed. A brute force attack, if feasible computationally, will always be successful because it will essentially go through all possible passwords given the alphabet used (lower case letters, upper case letters, numbers, symbols, etc.) and the maximum length of the password.

CAPEC-560: Use of Known Domain Credentials

An adversary guesses or obtains (i.e. steals or purchases) legitimate credentials (e.g. userID/password) to achieve authentication and to perform authorized actions under the guise of an authenticated user or service.

CAPEC-565: Password Spraying

In a Password Spraying attack, an adversary tries a small list (e.g. 3-5) of common or expected passwords, often matching the target's complexity policy, against a known list of user accounts to gain valid credentials. The adversary tries a particular password for each user account, before moving onto the next password in the list. This approach assists the adversary in remaining undetected by avoiding rapid or frequent account lockouts. The adversary may then reattempt the process with additional passwords, once enough time has passed to prevent inducing a lockout.

CAPEC-600: Credential Stuffing

An adversary tries known username/password combinations against different systems, applications, or services to gain additional authenticated access. Credential Stuffing attacks rely upon the fact that many users leverage the same username/password combination for multiple systems, applications, and services.

CAPEC-652: Use of Known Kerberos Credentials

An adversary obtains (i.e. steals or purchases) legitimate Kerberos credentials (e.g. Kerberos service account userID/password or Kerberos Tickets) with the goal of achieving authenticated access to additional systems, applications, or services within the domain.

CAPEC-653: Use of Known Operating System Credentials

An adversary guesses or obtains (i.e. steals or purchases) legitimate operating system credentials (e.g. userID/password) to achieve authentication and to perform authorized actions on the system, under the guise of an authenticated user or service. This applies to any Operating System.