Exploited Identity (Dictionary Entry)

Contexts

IAM, Information Security

Term

Exploited Identity

Alternative Forms

  • Exploited Account

  • Exploited Credential

  • Exploited Identity

Definitions

An identity that has been exploited by an unauthorized agent. That is to say, an unauthorized agent has used a credential linked to the identity to bypass access controls.

The exploitation of an identity may or may not be known to the entity that owns the identity.

Examples

When the password credential of an identity has been leaked, the identity has been compromised. This is true whether or not an unauthorized entity has exploited the leaked password to gain unauthorized access to resources. Later on, if an unauthorized entity uses the leaked password to bypass access controls, the identity and the accessed resources become exploited.

Related Terms

Quotes

Compromised credentials may be used to bypass access controls placed on various resources on systems within the network and may even be used for persistent access to remote systems and externally available services, such as VPNs, Outlook Web Access and remote desktop. Compromised credentials may also grant an adversary increased privilege to specific systems or access to restricted areas of the network. Adversaries may choose not to use malware or tools in conjunction with the legitimate access those credentials provide to make it harder to detect their presence.

Bibliography

See Also




This wiki is owned by Open Measure, a non-profit association. The original content we publish is licensed under a Creative Commons Attribution 4.0 International License.