Password Spraying Attack


...

A Password Spraying Attack is a brute-force attack technique targeting password-protected systems. Given a large user population, it is highly probable that some passwords are weak. Exploiting this weakness, the Password Spraying Attack consists of trying commonly used passwords, or plausible passwords built by combining publicly available information related to the system's users (e.g. employees). A rotation scheme over a large set of identities is then used to try these passwords in turn.

...

  • Alternatives to password authentication

  • Audits to reveal and address weak passwords

  • Intrusion Detection Systems (IDS)

  • Intrusion Prevention Systems (IPS)

  • Multi-Factor Authentication (MFA)

  • Multi-Step Verification (MSV)

  • Password complexity
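The rotation over many identities described in the definition leaves a recognizable trace in authentication logs: one source failing against many different accounts with only a few attempts per account. The following is an added example, not part of the original page, of detection logic an IDS rule could apply; the log format, thresholds and function names are assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log: "<timestamp> <source> <username> <result>"
SAMPLE_LOG = """\
2024-05-01T09:00:00 198.51.100.7 alice FAIL
2024-05-01T09:00:40 198.51.100.7 bob FAIL
2024-05-01T09:01:10 203.0.113.9 bob FAIL
2024-05-01T09:01:20 198.51.100.7 carol FAIL
2024-05-01T09:01:30 203.0.113.9 bob FAIL
2024-05-01T09:02:00 198.51.100.7 dave FAIL
2024-05-01T09:02:05 203.0.113.9 bob FAIL
2024-05-01T09:02:30 192.0.2.4 erin FAIL
2024-05-01T09:02:40 198.51.100.7 erin FAIL
2024-05-01T09:02:50 192.0.2.4 erin OK
2024-05-01T09:03:20 198.51.100.7 frank OK
"""

def parse_log(text):
    """Parse log lines into time-ordered (timestamp, source, username, success) tuples."""
    events = []
    for line in text.strip().splitlines():
        ts, src, user, result = line.split()
        events.append((datetime.fromisoformat(ts), src, user, result == "OK"))
    return sorted(events)

def detect_spray(events, window=timedelta(minutes=10), min_users=5, max_per_user=2):
    """Flag sources that fail against >= min_users accounts inside one window while
    trying each account at most max_per_user times (thresholds are illustrative)."""
    failures, successes = defaultdict(list), defaultdict(set)
    for ts, src, user, ok in events:
        if ok:
            successes[src].add(user)
        else:
            failures[src].append((ts, user))
    report = {}
    for src, fails in failures.items():
        start = 0
        for end, (ts, _) in enumerate(fails):
            while ts - fails[start][0] > window:  # slide the window forward
                start += 1
            counts = Counter(user for _, user in fails[start:end + 1])
            if len(counts) >= min_users and max(counts.values()) <= max_per_user:
                # Assumption: any successful login from a flagged source is suspect.
                entry = report.setdefault(src, {"targeted": set(), "compromised": successes[src]})
                entry["targeted"].update(counts)
    return report

if __name__ == "__main__":
    print(detect_spray(parse_log(SAMPLE_LOG)))
```

On the sample data only 198.51.100.7 is flagged: the repeated failures against a single account from 203.0.113.9 and the one mistyped password from 192.0.2.4 do not match the many-accounts, few-attempts pattern. Grouping by source does not see a spray spread across many source addresses, so the same window logic may need to be keyed on another attribute present in the log.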

Sample Sentence

Alice was running a successful online shop with thousands of clients. The online shop used password-based single-factor authentication. Eve used a robot to scrape the public profiles of the online shop and build a database of plausible passwords. She then launched a Password Spraying Attack and quickly found a few hundred valid passwords. She then used Bob as a mule to transfer money stolen using the credit card information of the shop's customers.

Conceptual Diagram

Definition 2

...