CWE-309 - CERT CVE

CWE-309 - Use of Password System for Primary Authentication

The use of password systems as the primary means of authentication may be subject to several flaws or shortcomings, each reducing the effectiveness of the mechanism.

CAPEC ID Naziv
CAPEC-16 Dictionary-based Password Attack
CAPEC-49 Password Brute Forcing
CAPEC-509 Kerberoasting
CAPEC-55 Rainbow Table Password Cracking
CAPEC-555 Remote Services with Stolen Credentials
CAPEC-560 Use of Known Domain Credentials
CAPEC-561 Windows Admin Shares with Stolen Credentials
CAPEC-565 Password Spraying
CAPEC-600 Credential Stuffing
CAPEC-652 Use of Known Kerberos Credentials
CAPEC-653 Use of Known Windows Credentials
CAPEC-70 Try Common or Default Usernames and Passwords