Compromised Identity (Dictionary Entry)
Contexts | IAM, Information Security |
---|---|
Term | Compromised Identity |
Alternative Forms | |
Definitions | An identity whose credentials are no longer reliable because they have been exposed. It may or may not have been exploited by an unauthorized entity, or its exploitation status may be unknown, but the exposure of its credentials makes it suspected of being exploitable with higher probability. |
Examples | When the password credential of an identity has been leaked, the identity has been compromised. This holds regardless of whether an unauthorized entity has exploited the leaked password to gain unauthorized access to resources. If an unauthorized entity later uses the leaked password to bypass access controls, the identity and the accessed resources become exploited. |
Related Terms |
Quotes
Adversaries may steal the credentials of a specific user or service account using Credential Access techniques or capture credentials earlier in their reconnaissance process through social engineering for means of gaining Initial Access.
Compromised credentials may be used to bypass access controls placed on various resources on systems within the network and may even be used for persistent access to remote systems and externally available services, such as VPNs, Outlook Web Access and remote desktop. Compromised credentials may also grant an adversary increased privilege to specific systems or access to restricted areas of the network. Adversaries may choose not to use malware or tools in conjunction with the legitimate access those credentials provide to make it harder to detect their presence.
Bibliography
See Also
- AWS, 2021 (Bibliography)
This wiki is owned by Open Measure, a non-profit association. The original content we publish is licensed under a Creative Commons Attribution 4.0 International License.