Exploited Identity (Dictionary Entry)
- David Doret
Contexts | IAM, Information Security |
|---|---|
Term | Exploited Identity |
Alternative Forms |
|
Definitions | An identity that has been exploited by an unauthorized agent. That is to say, an unauthorized agent has used credential linked to the identity to bypass access controls. The exploitation of an identity may or may not be known by the identity owner entity. |
Examples | When the password credential of an identity has been leaked, the identity has been compromised. This is independent of the fact that an unauthorized entity has exploited the leaked password to gain unauthorized access to resources. Later on, if an unauthorized entity uses the leaked password to bypass access controls, the identity and the accessed resources become exploited. |
Related Terms |
|
Quotes
Compromised credentials may be used to bypass access controls placed on various resources on systems within the network and may even be used for persistent access to remote systems and externally available services, such as VPNs, Outlook Web Access and remote desktop. Compromised credentials may also grant an adversary increased privilege to specific systems or access to restricted areas of the network. Adversaries may choose not to use malware or tools in conjunction with the legitimate access those credentials provide to make it harder to detect their presence.
Bibliography
See Also
-
Exploited Identity (Dictionary Entry) (Dictionary)
Follow us on LinkedIn | Discuss on Slack | Support us with Patreon | Sign-up for a free membership.
This wiki is owned by Open Measure, a non-profit association. The original content we publish is licensed under a Creative Commons Attribution 4.0 International License.
