CAPEC Related Weakness
Dictionary-based Password Attack
CWE-262 Not Using Password Aging
CWE-263 Password Aging with Long Expiration
CWE-307 Improper Restriction of Excessive Authentication Attempts
CWE-308 Use of Single-factor Authentication
CWE-309 Use of Password System for Primary Authentication
CWE-521 Weak Password Requirements
CWE-654 Reliance on a Single Factor in a Security Decision
Password Brute Forcing
CWE-257 Storing Passwords in a Recoverable Format
CWE-262 Not Using Password Aging
CWE-263 Password Aging with Long Expiration
CWE-307 Improper Restriction of Excessive Authentication Attempts
CWE-308 Use of Single-factor Authentication
CWE-309 Use of Password System for Primary Authentication
CWE-521 Weak Password Requirements
CWE-654 Reliance on a Single Factor in a Security Decision
Kerberoasting
CWE-262 Not Using Password Aging
CWE-263 Password Aging with Long Expiration
CWE-294 Authentication Bypass by Capture-replay
CWE-308 Use of Single-factor Authentication
CWE-309 Use of Password System for Primary Authentication
CWE-521 Weak Password Requirements
CWE-522 Insufficiently Protected Credentials
Rainbow Table Password Cracking
CWE-261 Weak Encoding for Password
CWE-262 Not Using Password Aging
CWE-263 Password Aging with Long Expiration
CWE-308 Use of Single-factor Authentication
CWE-309 Use of Password System for Primary Authentication
CWE-521 Weak Password Requirements
CWE-654 Reliance on a Single Factor in a Security Decision
CWE-916 Use of Password Hash With Insufficient Computational Effort
Remote Services with Stolen Credentials
CWE-262 Not Using Password Aging
CWE-263 Password Aging with Long Expiration
CWE-294 Authentication Bypass by Capture-replay
CWE-308 Use of Single-factor Authentication
CWE-309 Use of Password System for Primary Authentication
CWE-521 Weak Password Requirements
CWE-522 Insufficiently Protected Credentials
Use of Known Domain Credentials
CWE-262 Not Using Password Aging
CWE-263 Password Aging with Long Expiration
CWE-307 Improper Restriction of Excessive Authentication Attempts
CWE-308 Use of Single-factor Authentication
CWE-309 Use of Password System for Primary Authentication
CWE-522 Insufficiently Protected Credentials
CWE-654 Reliance on a Single Factor in a Security Decision
CWE-1273 Device Unlock Credential Sharing
Windows Admin Shares with Stolen Credentials
CWE-262 Not Using Password Aging
CWE-263 Password Aging with Long Expiration
CWE-294 Authentication Bypass by Capture-replay
CWE-308 Use of Single-factor Authentication
CWE-309 Use of Password System for Primary Authentication
CWE-521 Weak Password Requirements
CWE-522 Insufficiently Protected Credentials
Password Spraying
CWE-262 Not Using Password Aging
CWE-263 Password Aging with Long Expiration
CWE-307 Improper Restriction of Excessive Authentication Attempts
CWE-308 Use of Single-factor Authentication
CWE-309 Use of Password System for Primary Authentication
CWE-521 Weak Password Requirements
CWE-654 Reliance on a Single Factor in a Security Decision
Credential Stuffing
CWE-262 Not Using Password Aging
CWE-263 Password Aging with Long Expiration
CWE-307 Improper Restriction of Excessive Authentication Attempts
CWE-308 Use of Single-factor Authentication
CWE-309 Use of Password System for Primary Authentication
CWE-522 Insufficiently Protected Credentials
CWE-654 Reliance on a Single Factor in a Security Decision
Use of Captured Hashes (Pass The Hash)
CWE-294 Authentication Bypass by Capture-replay
CWE-308 Use of Single-factor Authentication
CWE-308 Use of Single-factor Authentication
CWE-522 Insufficiently Protected Credentials
CWE-836 Use of Password Hash Instead of Password for Authentication
Use of Captured Tickets (Pass The Ticket)
CWE-294 Authentication Bypass by Capture-replay
CWE-308 Use of Single-factor Authentication
CWE-522 Insufficiently Protected Credentials
Use of Known Kerberos Credentials
CWE-262 Not Using Password Aging
CWE-263 Password Aging with Long Expiration
CWE-294 Authentication Bypass by Capture-replay
CWE-307 Improper Restriction of Excessive Authentication Attempts
CWE-308 Use of Single-factor Authentication
CWE-309 Use of Password System for Primary Authentication
CWE-522 Insufficiently Protected Credentials
CWE-654 Reliance on a Single Factor in a Security Decision
CWE-836 Use of Password Hash Instead of Password for Authentication
Use of Known Operating System Credentials
CWE-262 Not Using Password Aging
CWE-263 Password Aging with Long Expiration
CWE-307 Improper Restriction of Excessive Authentication Attempts
CWE-308 Use of Single-factor Authentication
CWE-309 Use of Password System for Primary Authentication
CWE-522 Insufficiently Protected Credentials
CWE-654 Reliance on a Single Factor in a Security Decision
Try Common or Default Usernames and Passwords
CWE-262 Not Using Password Aging
CWE-263 Password Aging with Long Expiration
CWE-308 Use of Single-factor Authentication
CWE-309 Use of Password System for Primary Authentication
CWE-521 Weak Password Requirements
CWE-654 Reliance on a Single Factor in a Security Decision
CWE-798 Use of Hard-coded Credentials