Skip to content
/ credential-stuffing Public

A threat actor may guess the target credentials using a known username and password pairs gathered from previous brute-force attacks

License

AGPL-3.0 license
2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

qeeqbox/credential-stuffing

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
credential-stuffing.drawio
credential-stuffing.drawio
 
 
credential-stuffing.png
credential-stuffing.png
 
 

Repository files navigation

A threat actor may guess the target credentials using a known username and password pairs gathered from previous brute-force attacks.

Example #1

  1. Threat actor has a stolen username and password pair for a vulnerable
  2. Threat actor uses the same pair for other websites

Impact

Vary

Risk

  • Gain unauthorized access

Redemption

  • Increase the password length
  • Increase password complexity
  • Limit login attempts
  • Implement captcha
  • Multi-factor authentication

ID

8456e95b-dae6-44ff-bb2b-75a37e16c0c7

References

About

A threat actor may guess the target credentials using a known username and password pairs gathered from previous brute-force attacks

Topics

visualization credentials example vulnerability metadta stuffing qeeqbox infosecsimplified

Resources

Readme

License

AGPL-3.0 license

Code of conduct

Code of conduct
Activity
Custom properties

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Sponsor this project

 
Learn more about GitHub Sponsors