UnixTime

Research Note

RISK-0009 Compromised Authentication Information Due to Weak Credential Handling

Because secret authentication information is not issued, reset, stored, and protected through controlled procedures, credentials may be exposed, reused, guessed, or misused.

On this page

RISK-0009

Risk summary

Likelihood
4
Impact
5
Score
20
Level
Critical
  1. 01

    Asset

    Passwords, MFA factors, recovery information, privileged credentials, service secrets, API tokens, and credential reset workflows.

    Business object or system that needs protection.
  2. 02

    Threat

    Credential theft, phishing, password spraying, shared-secret leakage, default credential abuse, unauthorized password reset, or service secret compromise.

    Event, actor, or condition that can create harm.
  3. 03

    Vulnerability

    Temporary credentials are not forced to change, identity is not verified during resets, default passwords remain active, privileged secrets are not vaulted, and user responsibilities are not acknowledged.

    Weakness that makes the threat relevant.
  4. 04

    Risk

    Because secret authentication information is not issued, reset, stored, and protected through controlled procedures, credentials may be exposed, reused, guessed, or misused.

    Scenario evaluated with likelihood, impact, and ownership.
  5. 05

    Treatment

    Mitigate through controlled credential issuance, verified reset workflows, forced temporary credential changes, MFA where risk requires it, privileged credential vaulting, service-secret rotation, and user acknowledgement.

    Decision path for reducing, accepting, transferring, or avoiding risk.

Assessment Rationale

Likelihood

The likelihood is high because credentials remain one of the most common entry points for attackers. Weak handling creates exposure even when identity and access rights appear formally assigned.

Impact

The impact is critical because compromised authentication information can give attackers valid access, bypass perimeter controls, and make malicious activity appear legitimate.

Residual Risk

After treatment, residual risk is estimated as medium when systems enforce policy, resets are logged, privileged secrets are controlled, and credential compromise events trigger response.

Review Notes

Review after credential-related incidents, password policy changes, MFA rollout changes, service desk reset changes, and privileged-access tooling changes.

Software Object Mapping

  • risk
  • authentication
  • credential
  • control
  • evidence
  • Iso27005
  • Risk
  • Iso27001
  • Authentication
  • Credentials

Note Metadata

Aliases: RISK-0009

Source: 05-Risk-Knowledge-Base/RISK-0009-Compromised-Authentication-Information.md