Identify valid login credentials by trying different values for usernames and/or passwords.
What is Credential Cracking?
Credential cracking covers brute force, dictionary (word list) and guessing attacks against the authentication processes of the application, carried out to identify valid account credentials. These attacks may use common usernames or passwords, or involve initial username evaluation.
The use of stolen credential sets (paired usernames and passwords) to authenticate at one or more services is OAT-008 Credential Stuffing.
Credential cracking is also known by terms such as brute-force attacks against sign-in, brute forcing log-in credentials, brute-force password cracking, cracking login credentials, password brute-forcing, password cracking, reverse brute force attack, username cracking and username enumeration.
The symptoms of Credential Cracking
- Relatively high number of failed login attempts
- Many requests containing variations on account name and/or password
- Elevated account lock rate
- Increased customer complaints of account hijacking through help center or social media outlets
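The first two symptoms can be checked directly against authentication logs. The following is an added example, not InfiSecure's or OWASP's code: it flags many failed attempts against one account and one source failing across many account names within a time window. The event format, alert names, thresholds and sample data are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events: (epoch_seconds, source_ip, username, success).
# Source addresses come from the RFC 5737 documentation ranges.
EVENTS = (
    [(1000 + i, "198.51.100.7", "alice", False) for i in range(12)]          # many guesses, one account
    + [(2000 + i, "203.0.113.9", f"user{i:02d}", False) for i in range(10)]  # one source, many accounts
    + [(3000, "192.0.2.44", "bob", False), (3020, "192.0.2.44", "bob", True)]  # ordinary typo, then success
)

# Assumed thresholds; tune them against the application's normal baseline.
WINDOW = 300               # seconds
MAX_FAILS_PER_USER = 10    # failed logins against one account inside the window
MAX_USERS_PER_SOURCE = 8   # distinct account names failed by one source inside the window

def detect(events, window=WINDOW):
    """Return (sorted alerts, overall failure rate) for the given login events."""
    by_user, by_source = defaultdict(list), defaultdict(list)
    alerts = set()
    failures = 0
    for ts, ip, user, ok in sorted(events):
        if ok:
            continue
        failures += 1
        by_user[user].append(ts)
        by_source[ip].append((ts, user))
        # Drop entries that have aged out of the sliding window.
        by_user[user] = [t for t in by_user[user] if ts - t < window]
        by_source[ip] = [(t, u) for t, u in by_source[ip] if ts - t < window]
        if len(by_user[user]) >= MAX_FAILS_PER_USER:
            alerts.add(("password-guessing", user))
        if len({u for _, u in by_source[ip]}) >= MAX_USERS_PER_SOURCE:
            alerts.add(("username-sweep", ip))
    return sorted(alerts), failures / len(events)

if __name__ == "__main__":
    print(detect(EVENTS))
```

Keying the first check on the account rather than the source means attempts spread over many source addresses still count toward the same account.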
Sectors targeted by Credential Cracking
- Social Networking
Can InfiSecure prevent Credential Cracking?
InfiSecure's advanced bot engines can stop credential cracking fraud in real time. Using the most advanced bot mitigation technology, InfiSecure can identify and restrict automated usage by fingerprinting the user agent for its unique characteristics, and can also restrict automated usage by reputation methods.