Skip to content

A threat actor may guess the target credentials using a known username and password pairs gathered from previous brute-force attacks

License

Notifications You must be signed in to change notification settings

qeeqbox/credential-stuffing

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
 
 
 
 
 
 
 
 

Repository files navigation

A threat actor may guess the target credentials using a known username and password pairs gathered from previous brute-force attacks.

Example #1

  1. Threat actor has a stolen username and password pair for a vulnerable
  2. Threat actor uses the same pair for other websites

Impact

Vary

Risk

  • Gain unauthorized access

Redemption

  • Increase the password length
  • Increase password complexity
  • Limit login attempts
  • Implement captcha
  • Multi-factor authentication

ID

8456e95b-dae6-44ff-bb2b-75a37e16c0c7

References

About

A threat actor may guess the target credentials using a known username and password pairs gathered from previous brute-force attacks

Topics

Resources

License

Code of conduct

Stars

Watchers

Forks

Sponsor this project