Threat CC.AuC.HumCCC-nS.3

URI: CC.AuC.HumCCC-nS.3

Package: ProcessComms

Description: Credential stuffing to find password used by Human to access Service from Client: this threat applies where a human user of client Client uses a weak password which can be guessed or found by a brute force attack and used by an attacker to access Service as the client.

Threat Type: Primary Threat

Matching Pattern:

CC.AuC.HumCCC-nS.3
MP-HumCCC-nS

Finds a User managing a Client that uses and authenticates directly with a Service, plus the ClientChannel between them, their hosts, and optionally the service and service host managers.

CSG-AccountLockingAtService

The number of login attempts at service Service is limited, and user accounts are locked when there are too many unsuccessful login attempts, or too many login attempts within a short period.

CSG-ClientOneTimeKeyAuthentication

Access to service Service is controlled by authenticating authorised users using a one-time key created using a client-side authentication device provided to them.

CSG-ClientOutOfBandKeyAuthentication

Access to service Service is controlled by authenticating authorised users using a password and a separate key sent to them via a separate (out of band) means.

CSG-ClientStrongPasswordAuthentication

The quality of passwords to authenticate users of service Service is checked whenever the password is set or changed, e.g. using standards like NIST-800-63.

CSG-UserBasicSecurityTraining

Users in the role Human are trained to avoid basic cyber security errors associated with the use of passwords.

CSG-UserSecurityTraining

Users in the role Human are trained to avoid most common cyber security errors by using only strong passwords, recognising malicious emails, and understanding the importance of physical security, including the use of screen locking for fixed devices that cannot be carried on the person.