T1552 Unsecured Credentials Mappings

Adversaries may search compromised systems to find and obtain insecurely stored credentials. These credentials can be stored and/or misplaced in many locations on a system, including plaintext files (e.g. Bash History), operating system or application-specific repositories (e.g. Credentials in Registry), or other specialized files/artifacts (e.g. Private Keys).

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
| --- | --- | --- | --- | --- |
| AC-16 | Security and Privacy Attributes | Protects | T1552 | Unsecured Credentials |
| AC-17 | Remote Access | Protects | T1552 | Unsecured Credentials |
| AC-18 | Wireless Access | Protects | T1552 | Unsecured Credentials |
| AC-19 | Access Control for Mobile Devices | Protects | T1552 | Unsecured Credentials |
| AC-2 | Account Management | Protects | T1552 | Unsecured Credentials |
| AC-20 | Use of External Systems | Protects | T1552 | Unsecured Credentials |
| AC-3 | Access Enforcement | Protects | T1552 | Unsecured Credentials |
| AC-4 | Information Flow Enforcement | Protects | T1552 | Unsecured Credentials |
| AC-5 | Separation of Duties | Protects | T1552 | Unsecured Credentials |
| AC-6 | Least Privilege | Protects | T1552 | Unsecured Credentials |
| CA-7 | Continuous Monitoring | Protects | T1552 | Unsecured Credentials |
| CA-8 | Penetration Testing | Protects | T1552 | Unsecured Credentials |
| CM-2 | Baseline Configuration | Protects | T1552 | Unsecured Credentials |
| CM-5 | Access Restrictions for Change | Protects | T1552 | Unsecured Credentials |
| CM-6 | Configuration Settings | Protects | T1552 | Unsecured Credentials |
| CM-7 | Least Functionality | Protects | T1552 | Unsecured Credentials |
| IA-2 | Identification and Authentication (organizational Users) | Protects | T1552 | Unsecured Credentials |
| IA-3 | Device Identification and Authentication | Protects | T1552 | Unsecured Credentials |
| IA-4 | Identifier Management | Protects | T1552 | Unsecured Credentials |
| IA-5 | Authenticator Management | Protects | T1552 | Unsecured Credentials |
| RA-5 | Vulnerability Monitoring and Scanning | Protects | T1552 | Unsecured Credentials |
| SA-11 | Developer Testing and Evaluation | Protects | T1552 | Unsecured Credentials |
| SA-15 | Development Process, Standards, and Tools | Protects | T1552 | Unsecured Credentials |
| SC-12 | Cryptographic Key Establishment and Management | Protects | T1552 | Unsecured Credentials |
| SC-28 | Protection of Information at Rest | Protects | T1552 | Unsecured Credentials |
| SC-4 | Information in Shared System Resources | Protects | T1552 | Unsecured Credentials |
| SC-7 | Boundary Protection | Protects | T1552 | Unsecured Credentials |
| SI-10 | Information Input Validation | Protects | T1552 | Unsecured Credentials |
| SI-12 | Information Management and Retention | Protects | T1552 | Unsecured Credentials |
| SI-15 | Information Output Filtering | Protects | T1552 | Unsecured Credentials |
| SI-2 | Flaw Remediation | Protects | T1552 | Unsecured Credentials |
| SI-4 | System Monitoring | Protects | T1552 | Unsecured Credentials |
| SI-7 | Software, Firmware, and Information Integrity | Protects | T1552 | Unsecured Credentials |
| CVE-2019-3787 | UAA Release (OSS) | primary_impact | T1552 | Unsecured Credentials |
| CVE-2018-15797 | NFS Volume Release | exploitation_technique | T1552 | Unsecured Credentials |
| CVE-2018-11088 | Application Service | primary_impact | T1552 | Unsecured Credentials |
| CVE-2019-3763 | RSA Identity Governance and Lifecycle | primary_impact | T1552 | Unsecured Credentials |
| CVE-2020-15105 | django-two-factor-auth | primary_impact | T1552 | Unsecured Credentials |
| CVE-2020-12008 | Baxter ExactaMix EM 2400 & EM 1200 | primary_impact | T1552 | Unsecured Credentials |
| CVE-2018-17900 | STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500 | primary_impact | T1552 | Unsecured Credentials |
| CVE-2019-6549 | PR100088 Modbus gateway | primary_impact | T1552 | Unsecured Credentials |
| CVE-2015-0984 | n/a | uncategorized | T1552 | Unsecured Credentials |
| CVE-2018-11749 | Puppet Enterprise | uncategorized | T1552 | Unsecured Credentials |
| CVE-2015-8562 | n/a | uncategorized | T1552 | Unsecured Credentials |
| CVE-2014-0751 | n/a | uncategorized | T1552 | Unsecured Credentials |
| CVE-2020-4408 | Qradar Advisor | uncategorized | T1552 | Unsecured Credentials |
| CVE-2019-13922 | SINEMA Remote Connect Server | uncategorized | T1552 | Unsecured Credentials |
| CVE-2018-7259 | n/a | uncategorized | T1552 | Unsecured Credentials |
| CVE-2018-18641 | n/a | uncategorized | T1552 | Unsecured Credentials |
| CVE-2017-14487 | n/a | uncategorized | T1552 | Unsecured Credentials |
| aws_config | AWS Config | technique_scores | T1552 | Unsecured Credentials |
| amazon_guardduty | Amazon GuardDuty | technique_scores | T1552 | Unsecured Credentials |
| aws_iot_device_defender | AWS IoT Device Defender | technique_scores | T1552 | Unsecured Credentials |
| aws_key_management_service | AWS Key Management Service | technique_scores | T1552 | Unsecured Credentials |
| aws_secrets_manager | AWS Secrets Manager | technique_scores | T1552 | Unsecured Credentials |
| aws_cloudhsm | AWS CloudHSM | technique_scores | T1552 | Unsecured Credentials |

ATT&CK Subtechniques

| Technique ID | Technique Name | Number of Mappings |
| --- | --- | --- |
| T1552.003 | Bash History | 5 |
| T1552.005 | Cloud Instance Metadata API | 16 |
| T1552.007 | Container API | 15 |
| T1552.001 | Credentials In Files | 31 |
| T1552.002 | Credentials in Registry | 20 |
| T1552.006 | Group Policy Preferences | 14 |
| T1552.004 | Private Keys | 28 |