| CAPEC | Related Weakness |
| Try Common or Default Usernames and Passwords |
| CWE-262 | Not Using Password Aging |
| CWE-263 | Password Aging with Long Expiration |
| CWE-521 | Weak Password Requirements |
| CWE-693 | Protection Mechanism Failure |
| CWE-798 | Use of Hard-coded Credentials |
|
| Brute Force |
| CWE-326 | Inadequate Encryption Strength |
| CWE-330 | Use of Insufficiently Random Values |
| CWE-521 | Weak Password Requirements |
|
| Password Brute Forcing |
| CWE-257 | Storing Passwords in a Recoverable Format |
| CWE-262 | Not Using Password Aging |
| CWE-263 | Password Aging with Long Expiration |
| CWE-521 | Weak Password Requirements |
| CWE-693 | Protection Mechanism Failure |
|
| Rainbow Table Password Cracking |
| CWE-261 | Weak Encoding for Password |
| CWE-262 | Not Using Password Aging |
| CWE-263 | Password Aging with Long Expiration |
| CWE-521 | Weak Password Requirements |
| CWE-693 | Protection Mechanism Failure |
| CWE-719 | OWASP Top Ten 2007 Category A8 - Insecure Cryptographic Storage |
| CWE-916 | Use of Password Hash With Insufficient Computational Effort |
|
| Dictionary-based Password Attack |
| CWE-262 | Not Using Password Aging |
| CWE-263 | Password Aging with Long Expiration |
| CWE-521 | Weak Password Requirements |
| CWE-693 | Protection Mechanism Failure |
|
