Threat Feed

Tag

attack.credential-access

5 briefs
medium advisory

Unauthorized Modification of Azure Conditional Access Policy

An unauthorized actor modifies an Azure Conditional Access policy, potentially leading to privilege escalation, credential access, persistence, or defense impairment.

Azure Active Directory azure conditional-access policy-modification attack.privilege-escalation attack.credential-access attack.persistence attack.defense-impairment attack.t1548 +1
2r 2t
medium advisory

Azure AD Root Certificate Authority Added for Passwordless Authentication

An attacker may add a new root certificate authority to an Azure AD tenant to support certificate-based authentication for persistence, privilege escalation, or defense evasion.

Azure Active Directory attack.credential-access attack.persistence attack.privilege-escalation attack.defense-impairment attack.t1556
2r 4t
high advisory

Okta Password Entered in AlternateID Field

Okta logs may contain user passwords if a user mistakenly enters their password into the username field during login, potentially exposing credentials in logs.

Okta Identity Engine attack.credential-access attack.t1552 okta password-leak
2r 1t
medium advisory

Cisco 802.1X (dot1x) Disabled on Network Interface

Detection of manual disablement of IEEE 802.1X (dot1x) on a Cisco network device interface, potentially allowing unauthorized network access and lateral movement.

IOS attack.defense-evasion attack.persistence attack.credential-access attack.t1562.001 attack.t1556.004
2r 2t
medium advisory

User Added to Group with Conditional Access Policy Modification Access

An attacker adds a user to a privileged Azure Active Directory group with permissions to modify Conditional Access policies, potentially leading to privilege escalation, credential access, persistence, and defense impairment.

Azure Active Directory attack.privilege-escalation attack.credential-access attack.persistence attack.defense-impairment attack.t1548 attack.t1556
3r 4t