Credential Harvesting

Dictionary Term


Alternative Forms

Definitions

Definition 1

Credential harvesting designates a class of attacks characterized by the collection of identity attributes and credentials with the objective of compromising their linked identities.

Credential harvesting may be subdivided into two subclasses:

  • Credential harvesting in the reconnaissance phase of an attack, where identity attributes such as email addresses or login IDs are guessed or collected from available data sources. Often the confidentiality of these identity attributes cannot be effectively assured, but on their own they are not sufficient to compromise the identities.

  • Credential harvesting in preparation for the exploitation phase of an attack, where identity attributes or credentials such as passwords or session tokens are collected to enable the compromise of identities.

Credential harvesting may be named after the identity attribute that is being harvested, e.g. email address harvesting or password harvesting.

Example identity attributes or credentials that may be collected as part of credential harvesting are:

  • Certificates

  • Email address

  • Login ID

  • Password

  • Password hash

  • Session token (e.g. web cookies or web parameters)

Example classes of actors who may engage in credential harvesting:

  • Bots

  • Humans

  • Worms (e.g. Nimda)

Example data sources used to harvest credentials:

  • Configuration files (e.g. plaintext passwords)

  • Databases

  • Documents (e.g. email addresses, login ids, passwords)

  • Email or application services that allow guessing attributes/dictionary attacks

  • Identity repositories (e.g. LDAP, Windows Active Directory)

  • In-memory data (e.g. login ids, plaintext passwords, session tokens)

  • People (through social engineering)

  • Phishing websites (e.g. login ids, passwords, second authentication factor)

  • Reusable identity attributes or credentials obtained from previous data breaches

  • Web sites, social networks, and forums (e.g. email addresses via web scraping)

Example countermeasures against credential harvesting comprise:

  • Canary identities

  • Disabling credential caching

  • Digital Rights Management (DRM)

  • Encryption

  • Hardware Security Module (HSM)

  • Multi-Factor Authentication (MFA)

  • Password Managers

  • Privileged Access Management (PAM)

  • Security awareness program

  • Securing confidential information

  • System hardening
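As an added illustration of the canary-identity countermeasure above (example code written for this entry, not part of the original page), the script below scans constructed authentication log lines for any attempt to use a planted canary login ID; the log line format, the canary names and the addresses are assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample of authentication log lines in an assumed
# "<timestamp> user=<id> src=<address> result=<success|failure>" format.
SAMPLE_LOG = """\
2024-05-01T08:00:01Z user=alice src=10.0.0.5 result=success
2024-05-01T08:02:17Z user=svc-backup-ro src=198.51.100.23 result=failure
2024-05-01T08:02:19Z user=svc-backup-ro src=198.51.100.23 result=success
2024-05-01T08:05:00Z user=bob src=10.0.0.9 result=success
2024-05-01T08:07:42Z user=j.doe.finance src=203.0.113.7 result=failure
"""

# Canary identities (assumed names): accounts planted in an identity repository,
# document or config file that no legitimate user or process ever logs in with.
# Any authentication attempt against one of them means the source it was
# planted in has been harvested.
CANARY_IDS = {"svc-backup-ro", "j.doe.finance"}

LINE_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$")

@dataclass(frozen=True)
class CanaryHit:
    ts: str
    user: str
    src: str
    result: str

def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def find_canary_hits(log_text, canaries=CANARY_IDS):
    """Return every attempt (successful or not) to authenticate as a canary ID."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["user"] in canaries:
            hits.append(CanaryHit(rec["ts"], rec["user"], rec["src"], rec["result"]))
    return hits

def summarize_sources(hits):
    """Group hits by source address; a successful canary login is the most urgent case."""
    summary = {}
    for h in hits:
        entry = summary.setdefault(h.src, {"attempts": 0, "success": False, "ids": set()})
        entry["attempts"] += 1
        entry["success"] = entry["success"] or h.result == "success"
        entry["ids"].add(h.user)
    return summary
```

Calling `find_canary_hits(SAMPLE_LOG)` on the constructed sample flags three attempts from two addresses, one of them a successful login, which is the condition an alert should escalate on.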

Sample Sentences

Conceptual Diagram

Related Terms

  • Password

  • Worm

Quotes


Bibliography

See Also
