
Insecure Credential Storage

VSR: 4

CVSS: 6.0 – 7.9

Risk: High

ID: OS-CFDB-1004

Finding MITRE ATT&CK Correlation

| Name | Tactic | ID | Link |
|---|---|---|---|
| Credentials in Files | Credential Access | T1081 | https://attack.mitre.org/wiki/Technique/T1081 |

Finding Metadata

Finding Service(s)

Service
Internal Penetration Testing
External Penetration Testing

NIST 800-53 Control(s)

NIST
SI-13

Finding Development

Author Name Twitter Handle Email Created Updated

Technical Information

Description

The technical overview of a finding, not meant to be all-inclusive.

The assessment team discovered high-value account credentials stored in clear text. Storing credentials of this nature in clear text is a severe security risk, allowing an attacker to gain access to credentials with ease. An attacker can then use these credentials to compromise applications or systems of interest under the user context of the affected account.

Impact

How a finding result will affect an organization.

Insecure credentials allow an attacker to impersonate a legitimate user, breaking the authenticity of the system logging. Compromise of the host system could allow malicious commands and actions to go unnoticed due to the privilege level of the account.

Recommendation

Current plan of action recommended.

Implement a review process for files and systems to look for cleartext account credentials. Secure all passwords with a centralized or independent password manager that meets business requirements.
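
One way to support the file review recommended above, as an added example that is not part of the OS-CFDB finding: a Python scanner that walks a directory tree and reports the file, line number and key name wherever a credential-like key is assigned a cleartext value, while ignoring vault or environment references, masks and password hashes. The key-name patterns, function names and sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Assumed key names for this example; extend to match local conventions.
KEY_RE = re.compile(
    r"(?P<key>[\w.-]*(?:passw(?:or)?d|pwd|secret|api[_-]?key|token)[\w.-]*)"
    r"[\"']?\s*[:=]\s*[\"']?(?P<value>[^\s\"'#;,]+)", re.I)
# Values that are vault/env references, masks or password hashes, not cleartext.
NOT_CLEARTEXT_RE = re.compile(
    r"^(?:\$\{[^}]+\}|%[A-Z_]+%|<[^>]+>|\*+"
    r"|\$(?:2[aby]|5|6|argon2(?:id|i|d))\$.+|\{(?:SSHA|SHA|MD5|CRYPT)\}.+)$", re.I)

def scan_line(line):
    """Return the key name if the line holds a likely cleartext credential."""
    m = KEY_RE.search(line)
    ok = m and not NOT_CLEARTEXT_RE.match(m.group("value"))
    return m.group("key") if ok else None

def scan_tree(root, max_bytes=1_000_000):
    """Walk root and return (path, line number, key) for each suspect line."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if os.path.getsize(path) > max_bytes:
                    continue  # skip large binaries and archives
                with open(path, encoding="utf-8", errors="ignore") as fh:
                    for lineno, line in enumerate(fh, 1):
                        if (key := scan_line(line)):
                            # Record location and key only, never the secret.
                            findings.append((path, lineno, key))
            except OSError:
                continue  # unreadable file: leave it for manual review
    return findings

def demo():
    """Scan constructed sample files (all values invented for this example)."""
    samples = {
        "app.ini": "[db]\nuser = svc_backup\npassword = Winter2024!\n",
        "deploy.env": "API_KEY=${VAULT_API_KEY}\nDB_PASSWORD=$2b$12$abcdefghijklmn\n",
        "notes.txt": "remember to rotate the token: 8f3a9c1d22\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        return sorted((os.path.basename(p), n, k) for p, n, k in scan_tree(root))
```

Findings from a scan like this feed the review process: each hit is a credential to rotate and move into the password manager, and the report itself stays safe to share because it never contains the secret value.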