CWE-262
Not Using Password Aging
The product does not have a mechanism in place for managing password aging.
CVE-2022-22767 (GCVE-0-2022-22767)
Vulnerability from cvelistv5
Published
2022-06-01 16:35
Modified
2024-09-16 16:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-262 - Not Using Password Aging
Summary
Specific BD Pyxis™ products were installed with default credentials and may presently still operate with these credentials. There may be scenarios where BD Pyxis™ products are installed with the same default local operating system credentials or domain-joined server(s) credentials that may be shared across product types. If exploited, threat actors may be able to gain privileged access to the underlying file system and could potentially exploit or gain access to ePHI or other sensitive information.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:21:49.167Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cybersecurity.bd.com/bulletins-and-patches/bd-pyxis-products-default-credentials"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BD Pyxis\u2122 Anesthesia ES Station",
"vendor": "Becton Dickinson (BD)",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "BD Pyxis\u2122 CIISafe",
"vendor": "Becton Dickinson (BD)",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "BD Pyxis\u2122 Logistics",
"vendor": "Becton Dickinson (BD)",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "BD Pyxis\u2122 MedBank",
"vendor": "Becton Dickinson (BD)",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "BD Pyxis\u2122 MedStation\u2122 4000",
"vendor": "Becton Dickinson (BD)",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "BD Pyxis\u2122 MedStation\u2122 ES",
"vendor": "Becton Dickinson (BD)",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "BD Pyxis\u2122 MedStation\u2122 ES Server",
"vendor": "Becton Dickinson (BD)",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "BD Pyxis\u2122 ParAssist",
"vendor": "Becton Dickinson (BD)",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "BD Pyxis\u2122 Rapid Rx",
"vendor": "Becton Dickinson (BD)",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "BD Pyxis\u2122 StockStation",
"vendor": "Becton Dickinson (BD)",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "BD Pyxis\u2122 SupplyCenter",
"vendor": "Becton Dickinson (BD)",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "BD Pyxis\u2122 SupplyRoller",
"vendor": "Becton Dickinson (BD)",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "BD Pyxis\u2122 SupplyStation\u2122",
"vendor": "Becton Dickinson (BD)",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "BD Pyxis\u2122 SupplyStation\u2122 EC",
"vendor": "Becton Dickinson (BD)",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "BD Pyxis\u2122 SupplyStation\u2122 RF auxiliary",
"vendor": "Becton Dickinson (BD)",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "BD Rowa\u2122 Pouch Packaging Systems",
"vendor": "Becton Dickinson (BD)",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "To exploit this vulnerability, threat actors would have to gain access to the default credentials, infiltrate facility\u2019s network, and gain access to individual devices and/or servers."
}
],
"datePublic": "2022-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Specific BD Pyxis\u2122 products were installed with default credentials and may presently still operate with these credentials. There may be scenarios where BD Pyxis\u2122 products are installed with the same default local operating system credentials or domain-joined server(s) credentials that may be shared across product types. If exploited, threat actors may be able to gain privileged access to the underlying file system and could potentially exploit or gain access to ePHI or other sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-262",
"description": "CWE-262: Not Using Password Aging",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-01T16:35:38",
"orgId": "2325d071-eabf-4b7b-a4ea-0819b6629a18",
"shortName": "BD"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cybersecurity.bd.com/bulletins-and-patches/bd-pyxis-products-default-credentials"
}
],
"solutions": [
{
"lang": "en",
"value": "BD is currently strengthening our credential management capabilities in BD Pyxis\u2122 products. Service personnel are proactively working with customers whose domain-joined server(s) credentials require updates. BD is currently piloting a credential management solution that is initially targeted for only specific BD Pyxis\u2122 product versions and will allow for improved authentication management practices with specific local operating system credentials. Changes needed for installation, upgrade or to applications are being evaluated as part of the overall remediation."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "BD Pyxis\u2122 Products \u2013 Default Credentials",
"workarounds": [
{
"lang": "en",
"value": "Limit physical access to only authorized personnel."
},
{
"lang": "en",
"value": "Tightly control management of system passwords provided to authorized users."
},
{
"lang": "en",
"value": "Isolate affected products in a secure VLAN or behind firewalls with restricted access that only permits communication with trusted hosts in other networks when needed."
},
{
"lang": "en",
"value": "Work with your local BD support team to ensure that patching and virus definitions are up to date. The BD Remote Support Services Solution for automated patching and virus definition management is an available solution for customer accounts."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@bd.com",
"DATE_PUBLIC": "2022-05-31T15:00:00.000Z",
"ID": "CVE-2022-22767",
"STATE": "PUBLIC",
"TITLE": "BD Pyxis\u2122 Products \u2013 Default Credentials"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BD Pyxis\u2122 Anesthesia ES Station",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "BD Pyxis\u2122 CIISafe",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "BD Pyxis\u2122 Logistics",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "BD Pyxis\u2122 MedBank",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "BD Pyxis\u2122 MedStation\u2122 4000",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "BD Pyxis\u2122 MedStation\u2122 ES",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "BD Pyxis\u2122 MedStation\u2122 ES Server",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "BD Pyxis\u2122 ParAssist",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "BD Pyxis\u2122 Rapid Rx",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "BD Pyxis\u2122 StockStation",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "BD Pyxis\u2122 SupplyCenter",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "BD Pyxis\u2122 SupplyRoller",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "BD Pyxis\u2122 SupplyStation\u2122",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "BD Pyxis\u2122 SupplyStation\u2122 EC",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "BD Pyxis\u2122 SupplyStation\u2122 RF auxiliary",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "BD Rowa\u2122 Pouch Packaging Systems",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "Becton Dickinson (BD)"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "To exploit this vulnerability, threat actors would have to gain access to the default credentials, infiltrate facility\u2019s network, and gain access to individual devices and/or servers."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Specific BD Pyxis\u2122 products were installed with default credentials and may presently still operate with these credentials. There may be scenarios where BD Pyxis\u2122 products are installed with the same default local operating system credentials or domain-joined server(s) credentials that may be shared across product types. If exploited, threat actors may be able to gain privileged access to the underlying file system and could potentially exploit or gain access to ePHI or other sensitive information."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-262: Not Using Password Aging"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cybersecurity.bd.com/bulletins-and-patches/bd-pyxis-products-default-credentials",
"refsource": "CONFIRM",
"url": "https://cybersecurity.bd.com/bulletins-and-patches/bd-pyxis-products-default-credentials"
}
]
},
"solution": [
{
"lang": "en",
"value": "BD is currently strengthening our credential management capabilities in BD Pyxis\u2122 products. Service personnel are proactively working with customers whose domain-joined server(s) credentials require updates. BD is currently piloting a credential management solution that is initially targeted for only specific BD Pyxis\u2122 product versions and will allow for improved authentication management practices with specific local operating system credentials. Changes needed for installation, upgrade or to applications are being evaluated as part of the overall remediation."
}
],
"source": {
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Limit physical access to only authorized personnel."
},
{
"lang": "en",
"value": "Tightly control management of system passwords provided to authorized users."
},
{
"lang": "en",
"value": "Isolate affected products in a secure VLAN or behind firewalls with restricted access that only permits communication with trusted hosts in other networks when needed."
},
{
"lang": "en",
"value": "Work with your local BD support team to ensure that patching and virus definitions are up to date. The BD Remote Support Services Solution for automated patching and virus definition management is an available solution for customer accounts."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "2325d071-eabf-4b7b-a4ea-0819b6629a18",
"assignerShortName": "BD",
"cveId": "CVE-2022-22767",
"datePublished": "2022-06-01T16:35:38.991672Z",
"dateReserved": "2022-01-07T00:00:00",
"dateUpdated": "2024-09-16T16:42:50.707Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1555 (GCVE-0-2023-1555)
Vulnerability from cvelistv5
Published
2023-09-01 10:01
Modified
2025-06-26 13:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-262 - CWE-862: Missing Authorization
Summary
An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A namespace-level banned user can access the API.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1555",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-24T13:38:03.812458Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-26T13:42:38.479Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:49:11.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GitLab Issue #398587",
"tags": [
"issue-tracking",
"permissions-required",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/398587"
},
{
"name": "HackerOne Bug Bounty Report #1911908",
"tags": [
"technical-description",
"exploit",
"x_transferred"
],
"url": "https://hackerone.com/reports/1911908"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "GitLab",
"repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
"vendor": "GitLab",
"versions": [
{
"lessThan": "16.1.5",
"status": "affected",
"version": "15.2",
"versionType": "semver"
},
{
"lessThan": "16.2.5",
"status": "affected",
"version": "16.2",
"versionType": "semver"
},
{
"lessThan": "16.3.1",
"status": "affected",
"version": "16.3",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanks [ali_shehab](https://hackerone.com/ali_shehab) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A namespace-level banned user can access the API."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-262",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T04:05:08.621Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"name": "GitLab Issue #398587",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/398587"
},
{
"name": "HackerOne Bug Bounty Report #1911908",
"tags": [
"technical-description",
"exploit",
"permissions-required",
"broken-link"
],
"url": "https://hackerone.com/reports/1911908"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to versions 16.3.1, 16.2.5, 16.1.5 or above."
}
],
"title": "Missing Authorization in GitLab"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2023-1555",
"datePublished": "2023-09-01T10:01:36.711Z",
"dateReserved": "2023-03-22T09:18:21.197Z",
"dateUpdated": "2025-06-26T13:42:38.479Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2022 (GCVE-0-2023-2022)
Vulnerability from cvelistv5
Published
2023-08-02 08:30
Modified
2025-05-22 04:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-262 - CWE-862: Missing Authorization
Summary
An issue has been discovered in GitLab CE/EE affecting all versions starting before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2, which leads to developers being able to create pipeline schedules on protected branches even if they don't have access to merge
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2022",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-24T14:47:23.774881Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T16:05:11.225Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:12:19.529Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GitLab Issue #407166",
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/407166"
},
{
"name": "HackerOne Bug Bounty Report #1936572",
"tags": [
"technical-description",
"exploit",
"x_transferred"
],
"url": "https://hackerone.com/reports/1936572"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "GitLab",
"repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
"vendor": "GitLab",
"versions": [
{
"lessThan": "16.0.8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "16.1.3",
"status": "affected",
"version": "16.1.0",
"versionType": "semver"
},
{
"lessThan": "16.2.2",
"status": "affected",
"version": "16.2.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanks [js_noob](https://hackerone.com/js_noob) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab CE/EE affecting all versions starting before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2, which leads to developers being able to create pipeline schedules on protected branches even if they don\u0027t have access to merge"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-262",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T04:05:13.573Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"name": "GitLab Issue #407166",
"tags": [
"issue-tracking"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/407166"
},
{
"name": "HackerOne Bug Bounty Report #1936572",
"tags": [
"technical-description",
"exploit",
"permissions-required",
"broken-link"
],
"url": "https://hackerone.com/reports/1936572"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to versions 16.2.2, 16.1.3, 16.0.8 or above."
}
],
"title": "Missing Authorization in GitLab"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2023-2022",
"datePublished": "2023-08-02T08:30:58.187Z",
"dateReserved": "2023-04-13T11:20:22.336Z",
"dateUpdated": "2025-05-22T04:05:13.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Architecture and Design
Description:
- As part of a product's design, require users to change their passwords regularly and avoid reusing previous passwords.
Mitigation
Phase: Implementation
Description:
- Developers might disable clipboard paste operations into password fields as a way to discourage users from pasting a password into a clipboard. However, this might encourage users to choose less-secure passwords that are easier to type, and it can reduce the usability of password managers [REF-1294].
CAPEC-16: Dictionary-based Password Attack
["An attacker tries each of the words in a dictionary as passwords to gain access to the system via some user's account. If the password chosen by the user was a word within the dictionary, this attack will be successful (in the absence of other mitigations). This is a specific instance of the password brute forcing attack pattern.", "Dictionary Attacks differ from similar attacks such as Password Spraying (CAPEC-565) and Credential Stuffing (CAPEC-600), since they leverage unknown username/password combinations and don't care about inducing account lockouts."]
CAPEC-49: Password Brute Forcing
An adversary tries every possible value for a password until they succeed. A brute force attack, if feasible computationally, will always be successful because it will essentially go through all possible passwords given the alphabet used (lower case letters, upper case letters, numbers, symbols, etc.) and the maximum length of the password.
CAPEC-509: Kerberoasting
Through the exploitation of how service accounts leverage Kerberos authentication with Service Principal Names (SPNs), the adversary obtains and subsequently cracks the hashed credentials of a service account target to exploit its privileges. The Kerberos authentication protocol centers around a ticketing system which is used to request/grant access to services and to then access the requested services. As an authenticated user, the adversary may request Active Directory and obtain a service ticket with portions encrypted via RC4 with the private key of the authenticated account. By extracting the local ticket and saving it disk, the adversary can brute force the hashed value to reveal the target account credentials.
CAPEC-55: Rainbow Table Password Cracking
An attacker gets access to the database table where hashes of passwords are stored. They then use a rainbow table of pre-computed hash chains to attempt to look up the original password. Once the original password corresponding to the hash is obtained, the attacker uses the original password to gain access to the system.
CAPEC-555: Remote Services with Stolen Credentials
This pattern of attack involves an adversary that uses stolen credentials to leverage remote services such as RDP, telnet, SSH, and VNC to log into a system. Once access is gained, any number of malicious activities could be performed.
CAPEC-560: Use of Known Domain Credentials
An adversary guesses or obtains (i.e. steals or purchases) legitimate credentials (e.g. userID/password) to achieve authentication and to perform authorized actions under the guise of an authenticated user or service.
CAPEC-561: Windows Admin Shares with Stolen Credentials
An adversary guesses or obtains (i.e. steals or purchases) legitimate Windows administrator credentials (e.g. userID/password) to access Windows Admin Shares on a local machine or within a Windows domain.
CAPEC-565: Password Spraying
In a Password Spraying attack, an adversary tries a small list (e.g. 3-5) of common or expected passwords, often matching the target's complexity policy, against a known list of user accounts to gain valid credentials. The adversary tries a particular password for each user account, before moving onto the next password in the list. This approach assists the adversary in remaining undetected by avoiding rapid or frequent account lockouts. The adversary may then reattempt the process with additional passwords, once enough time has passed to prevent inducing a lockout.
CAPEC-600: Credential Stuffing
An adversary tries known username/password combinations against different systems, applications, or services to gain additional authenticated access. Credential Stuffing attacks rely upon the fact that many users leverage the same username/password combination for multiple systems, applications, and services.
CAPEC-652: Use of Known Kerberos Credentials
An adversary obtains (i.e. steals or purchases) legitimate Kerberos credentials (e.g. Kerberos service account userID/password or Kerberos Tickets) with the goal of achieving authenticated access to additional systems, applications, or services within the domain.
CAPEC-653: Use of Known Operating System Credentials
An adversary guesses or obtains (i.e. steals or purchases) legitimate operating system credentials (e.g. userID/password) to achieve authentication and to perform authorized actions on the system, under the guise of an authenticated user or service. This applies to any Operating System.
CAPEC-70: Try Common or Default Usernames and Passwords
An adversary may try certain common or default usernames and passwords to gain access into the system and perform unauthorized actions. An adversary may try an intelligent brute force using empty passwords, known vendor default credentials, as well as a dictionary of common usernames and passwords. Many vendor products come preconfigured with default (and thus well-known) usernames and passwords that should be deleted prior to usage in a production environment. It is a common mistake to forget to remove these default login credentials. Another problem is that users would pick very simple (common) passwords (e.g. "secret" or "password") that make it easier for the attacker to gain access to the system compared to using a brute force attack or even a dictionary attack using a full dictionary.