From the course: CompTIA CySA+ (CS0-002) Cert Prep: 2 Vulnerability Management (2020)


Password spraying and credential stuffing


- [Instructor] There are two other types of password attack that can occur when users poorly manage their passwords. These are password spraying and credential stuffing. In a password spraying attack, the attacker takes a list of commonly used passwords and then uses them to try to attack many different accounts at the same time. For example, here's a list stored on GitHub of 10 million commonly used passwords. An attacker could take this list and use it to attempt to log in to as many accounts as possible. If a target system does not prevent the use of commonly used passwords, chances are that the attack will eventually be successful against at least one account. The best defense against password spraying attacks is to incorporate lists of commonly used passwords into access control systems and prevent users from selecting a password that appears on the list. Credential stuffing attacks are made possible when users…
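The password spraying pattern described in the transcript (a few common passwords tried against many different accounts) leaves a recognizable shape in authentication logs. The following detection sketch is an added example, not part of the course material; the event format, thresholds, and sample data are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample events (timestamp, source, account, outcome); the
# addresses are documentation-range IPs, not data from any real system.
SAMPLE_EVENTS = [
    ("2024-01-01T09:00:00", "198.51.100.7", "alice", "FAIL"),
    ("2024-01-01T09:01:00", "198.51.100.7", "bob", "FAIL"),
    ("2024-01-01T09:02:00", "198.51.100.7", "carol", "FAIL"),
    ("2024-01-01T09:03:00", "198.51.100.7", "alice", "FAIL"),
    ("2024-01-01T09:04:00", "198.51.100.7", "dave", "FAIL"),
    ("2024-01-01T09:05:00", "198.51.100.7", "erin", "FAIL"),
    # One user mistyping their own password, then succeeding.
    ("2024-01-01T09:10:00", "192.0.2.50", "grace", "FAIL"),
    ("2024-01-01T09:10:20", "192.0.2.50", "grace", "OK"),
]
# Many guesses against a single account: brute force, not spraying.
SAMPLE_EVENTS += [(f"2024-01-01T10:00:{s:02d}", "203.0.113.20", "admin", "FAIL")
                  for s in range(8)]
# Same five accounts, but one attempt per hour ("low and slow").
SAMPLE_EVENTS += [(f"2024-01-01T{11 + i}:00:00", "198.51.100.99", u, "FAIL")
                  for i, u in enumerate(["alice", "bob", "carol", "dave", "erin"])]


def detect_spraying(events, window=timedelta(minutes=30),
                    min_accounts=5, max_per_account=3):
    """Return {source: accounts} for sources whose failed logins, inside one
    sliding window, reach at least min_accounts distinct accounts while no
    account receives more than max_per_account attempts (assumed thresholds)."""
    failures = defaultdict(list)
    for ts, source, account, outcome in events:
        if outcome == "FAIL":
            failures[source].append((datetime.fromisoformat(ts), account))
    flagged = {}
    for source, items in failures.items():
        items.sort()
        start = 0
        for end in range(len(items)):
            # Shrink the window from the left until it spans <= `window`.
            while items[end][0] - items[start][0] > window:
                start += 1
            counts = Counter(account for _, account in items[start:end + 1])
            if len(counts) >= min_accounts and max(counts.values()) <= max_per_account:
                flagged[source] = sorted(counts)  # accounts in the first hit
                break
    return flagged
```

With the default 30-minute window the hourly source goes unnoticed, which is why a detection like this is usually run with more than one window length.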
