CAPEC-555: Remote Services with Stolen Credentials
ID
CAPEC-555
Typical Severity
Very High
Status
Stable
This pattern of attack involves an adversary that uses stolen credentials to leverage remote services such as RDP, telnet, SSH, and VNC to log into a system. Once access is gained, any number of malicious activities could be performed.
Weaknesses
| # ID | Name | Type |
|---|---|---|
| CWE-262 | Not Using Password Aging | weakness |
| CWE-263 | Password Aging with Long Expiration | weakness |
| CWE-294 | Authentication Bypass by Capture-replay | weakness |
| CWE-308 | Use of Single-factor Authentication | weakness |
| CWE-309 | Use of Password System for Primary Authentication | weakness |
| CWE-521 | Weak Password Requirements | weakness |
| CWE-522 | Insufficiently Protected Credentials | weakness |
Taxonomiy Mapping
| Type | # ID | Name |
|---|---|---|
| ATTACK | 1021 | Remote Services |
| ATTACK | 1114.002 | Email Collection:Remote Email Collection |
| ATTACK | 1133 | External Remote Services |