Password Spraying Attack
Alternative Forms
Low and Slow Attack
Spray-Password Attack
Definitions
Definition 1
From commonly used passwords. Or built from public sources on system users, e.g. employees.
Contrast with Password Brute-Force Attack.
Preferred or targets:
Systems using Single Sign-On (SSO) to gain access to multiple resources
Systems using federated authentication protocols as this may help to avoid detection
Email accounts
Password Spraying may be used as an initial attack and/or for lateral movement.
Possible countermeasures:
Alternatives to password authentication
Multi-Factor Authentication (MFA)
Password complexity
Related Terms
Attack
HyperonymBrute Force Attack
HyperonymCredential Stuffing
HyponymHeap Spraying
Password
...