Separate abuse of default credentials from other credentials

vz-risk / veris

Vocabulary for Event Recording and Incident Sharing (VERIS)

http://verisframework.org

Other

571 stars 161 forks source link

Separate abuse of default credentials from other credentials #123

Open thorsheim opened 8 years ago

thorsheim commented 8 years ago

If I understand this correctly, abuse of default credentials falls into the same category as successful bruteforced credentials.

I'd like to see a separation of those two, to better show the importance of changing default credentials, and perhaps convince vendors to change away from default credentials to "does not work without configuring a set of credentials" or something similar.

gdbassett commented 8 years ago

We don't usually have the detail to code the two distinctions if they existed in veris.
The difference in codes would be interesting but would not be likely to drive lots of practical actions
We do not have a good way to update historically coded records.

gdbassett commented 8 years ago

updating from closed to deferred to the spit enum build.

gdbassett commented 6 years ago

considered 2018 and deferred again.

gdbassett commented 5 years ago

deferred 2019 over concern we would not have the granularity to tell the difference between the children.

gdbassett commented 3 years ago

If we know that the credentials are default, it should be coded as a action.*.variety.Exploit misconfig. However if we don't know know, brute force & use of lost & stolen is appropriate.