RISK-0009
Risk summary
- Likelihood
- 4
- Impact
- 5
- Score
- 20
- Level
- Critical
- 01
Asset
Passwords, MFA factors, recovery information, privileged credentials, service secrets, API tokens, and credential reset workflows.
Business object or system that needs protection. - 02
Threat
Credential theft, phishing, password spraying, shared-secret leakage, default credential abuse, unauthorized password reset, or service secret compromise.
Event, actor, or condition that can create harm. - 03
Vulnerability
Temporary credentials are not forced to change, identity is not verified during resets, default passwords remain active, privileged secrets are not vaulted, and user responsibilities are not acknowledged.
Weakness that makes the threat relevant. - 04
Risk
Because secret authentication information is not issued, reset, stored, and protected through controlled procedures, credentials may be exposed, reused, guessed, or misused.
Scenario evaluated with likelihood, impact, and ownership. - 05
Treatment
Mitigate through controlled credential issuance, verified reset workflows, forced temporary credential changes, MFA where risk requires it, privileged credential vaulting, service-secret rotation, and user acknowledgement.
Decision path for reducing, accepting, transferring, or avoiding risk.
Controls that treat the risk
Evidence that proves operation
Assessment Rationale
Likelihood
The likelihood is high because credentials remain one of the most common entry points for attackers. Weak handling creates exposure even when identity and access rights appear formally assigned.
Impact
The impact is critical because compromised authentication information can give attackers valid access, bypass perimeter controls, and make malicious activity appear legitimate.
Residual Risk
After treatment, residual risk is estimated as medium when systems enforce policy, resets are logged, privileged secrets are controlled, and credential compromise events trigger response.
Review Notes
Review after credential-related incidents, password policy changes, MFA rollout changes, service desk reset changes, and privileged-access tooling changes.
Software Object Mapping
- risk
- authentication
- credential
- control
- evidence
- Iso27005
- Risk
- Iso27001
- Authentication
- Credentials
Note Metadata
Aliases: RISK-0009
Source: 05-Risk-Knowledge-Base/RISK-0009-Compromised-Authentication-Information.md