A threat actor may guess the target credentials using a known username and password pairs gathered from previous brute-force attacks.
- Threat actor has a stolen username and password pair for a vulnerable
- Threat actor uses the same pair for other websites
Vary
- Gain unauthorized access
- Increase the password length
- Increase password complexity
- Limit login attempts
- Implement captcha
- Multi-factor authentication
8456e95b-dae6-44ff-bb2b-75a37e16c0c7