Credential Stuffing
ID: | TEQ-041 |
Phase(s): | Attack Execution |
Tactic(s): | Account Takeover |
An adversary who has a list of credential pairings (i.e. usernames and passwords) will inject them into website login pages in the effort to determine which ones are accepted as legitimate login credentials. The target of such an attack may not be the organisation from which the credentials were initially stolen.