H3-2020-0020¶

Credential Reuse Identified

Description¶

Credential reuse is described as using the same password against many different systems, services or accounts. It provides an attacker a shortcut to maneuvering throughout a network environment.

Impact¶

The reuse of a password instantly provides an attacker with authentication to access disparate systems without triggering any alarm of a breach.

References¶

• CWE-255: Credentials Management Errors
• Credential stuffing explained: How to prevent, detect and defend against it
• MITRE ATT&CK Technique: T1110.004: Brute Force: Credential Stuffing
• MITRE ATT&CK Technique: T1078: Valid Accounts