Credential Harvesting
Dictionary Term
Alternative Forms
Definitions
Definition 1
Credential harvesting designates a class of attacks characterized by the collection of identity attributes and credentials with the objective of compromising their linked identities.
Credential harvesting may be subdivided into two subclasses:
Credential harvesting in the reconnaissance phase of an attack, where identity attributes such as email addresses or login IDs are guessed or collected from available data sources. Often, the confidentiality of these identity attributes cannot be effectively assured, but on their own they are not sufficient to exploit the identities.
Credential harvesting in preparation for the exploitation phase of an attack, where identity attributes or credentials such as passwords or session tokens are collected to enable the compromise of identities.
Example identity attributes or credentials that may be collected as part of credential harvesting are:
Certificates
Email address
Login ID
Password
Password hash
Session token (in web cookies or parameters)
Example classes of actors who may engage in credential harvesting:
Bots
Humans
Worms (e.g. Nimda)
Example data sources used to harvest credentials:
Configuration files (e.g. plaintext passwords)
Documents (e.g. email addresses, login ids, passwords)
Email or application services that permit guessing of identity attributes or dictionary attacks
In-memory data (e.g. login ids, plaintext passwords, session tokens)
People (through social engineering)
Phishing websites (e.g. login ids, passwords, second authentication factor)
Web sites and forums (e.g. email addresses via web scraping)
Example countermeasures against credential harvesting include:
Canary identities
Disabling credential caching
Sample Sentences
Conceptual Diagram
Related Terms
Quotes
Bibliography
See Also
- Bradley, 2019 (Bibliography)
- Credential Harvesting (Dictionary)
- Nemeth et al., 2011 (Bibliography)