CAPEC-555

Remote Services with Stolen Credentials
Stable
2015-11-09 00:00 +00:00
2022-09-29 00:00 +00:00

Alerte pour un CAPEC

Stay informed of any changes for a specific CAPEC.
Alert management

Description

This pattern of attack involves an adversary that uses stolen credentials to leverage remote services such as RDP, telnet, SSH, and VNC to log into a system. Once access is gained, any number of malicious activities could be performed.

Informations

Mitigations

Disable RDP, telnet, SSH and enable firewall rules to block such traffic. Limit users and accounts that have remote interactive login access. Remove the Local Administrators group from the list of groups allowed to login through RDP. Limit remote user permissions. Use remote desktop gateways and multifactor authentication for remote logins.

Related Weaknesses

CWE-ID Weakness Name
CWE-522 Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
CWE-308 Use of Single-factor Authentication
The use of single-factor authentication can lead to unnecessary risk of compromise when compared with the benefits of a dual-factor authentication scheme.
CWE-309 Use of Password System for Primary Authentication
The use of password systems as the primary means of authentication may be subject to several flaws or shortcomings, each reducing the effectiveness of the mechanism.
CWE-294 Authentication Bypass by Capture-replay
A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).
CWE-263 Password Aging with Long Expiration
The product supports password aging, but the expiration period is too long.
CWE-262 Not Using Password Aging
The product does not have a mechanism in place for managing password aging.
CWE-521 Weak Password Requirements
The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.

Submission

Name Organization Date Date Release
CAPEC Content Team The MITRE Corporation 2015-11-09 +00:00

Modifications

Name Organization Date Comment
CAPEC Content Team The MITRE Corporation 2018-07-31 +00:00 Updated Description Summary, Examples-Instances, References, Related_Weaknesses, Typical_Severity
CAPEC Content Team The MITRE Corporation 2020-07-30 +00:00 Updated @Abstraction, Related_Attack_Patterns, Related_Weaknesses, Taxonomy_Mappings
CAPEC Content Team The MITRE Corporation 2022-09-29 +00:00 Updated Taxonomy_Mappings
Click on the button to the left (OFF), to authorize the inscription of cookie improving the functionalities of the site. Click on the button to the left (Accept all), to unauthorize the inscription of cookie improving the functionalities of the site.