UserAccount

Purpose

A UserAccount represents the presence of an active user account in an access control mechanism.

Connections

Object | Connection | Description | Function
--- | --- | --- | ---
User | Authentication | A connection to User tells which User owns/can use the UserAccount. | If there is no User, it is not possible to extract a password from him/her (ExtractFromUser).
Keystore | Authorization | A connection to a Keystore object denotes that the UserAccount is stored in that particular Keystore. | A missing connection to a Keystore prevents compromise of the UserAccount through a Keystore.
AccessControl | Root Authorization | Denotes that the UserAccount is a root/admin account on the AccessControl. | One association to AccessControl is mandatory.
AccessControl | Non-Root Authorization | Denotes that the UserAccount is a regular user account on the AccessControl. | One association to AccessControl is mandatory.

Attack Steps and Defenses

Attack Step | Description | Leads to
--- | --- | ---
Compromise | The possibility to control/own the UserAccount. | AccessControl: NonRootLogin; AccessControl: RootLogin
GuessOffline | Retrieving credentials through password cracking from a password repository that is locally accessible. Often some form of automated cracking tool is used. | UserAccount: Compromise
GuessOnline | Guessing credentials online. Influenced by the existence of default passwords, whether a proactive password checker is used, whether a back-off technique is used and whether a scan has been done by a network vulnerability scanner. | UserAccount: Compromise

Defense | Description | Default
--- | --- | ---
MFA | MultiFactorAuthentication. If the credentials of a UserAccount are distributed over several Keystores, the Attacker needs to obtain all of them. | Off
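The connections, attack steps and MFA defense described above, as an added example that is not part of this page or of the modeling tool: a small evaluator that, given which neighbouring assets an attacker has already reached, reports which UserAccount attack steps follow and what they lead to on the AccessControl. The neighbour labels ("Keystore:<name>", "User:<name>", "AccessControl:Connect") and the rule that online guessing needs network reach to the login are assumptions of this example.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class UserAccount:
    name: str
    root: bool                     # Root (True) or Non-Root Authorization to the AccessControl
    user: Optional[str] = None     # Authentication connection: the User that owns the account
    keystores: list = field(default_factory=list)  # Keystores the account is stored in
    mfa: bool = False              # MFA defense, Off by default


def evaluate(account: UserAccount, attacker: set) -> tuple:
    """Return (attack steps reached on this account, steps it leads to elsewhere).

    `attacker` holds attack steps already reached on neighbouring assets, with
    constructed labels (an assumption of this example): "Keystore:<name>" for a
    compromised Keystore, "User:<name>" for a User whose password can be
    extracted, and "AccessControl:Connect" for network reach to the login.
    """
    reached = set()
    cracked = {ks for ks in account.keystores if f"Keystore:{ks}" in attacker}
    if cracked:                                   # GuessOffline needs a local repository
        reached.add("GuessOffline")
    if account.user and f"User:{account.user}" in attacker:
        reached.add("ExtractFromUser")            # impossible without a User connection
    if "AccessControl:Connect" in attacker:       # assumption: online guessing needs reach
        reached.add("GuessOnline")

    if account.mfa:
        # MFA: credentials are spread over all connected Keystores, so every one
        # must be cracked; a guessed or extracted password alone is not enough.
        compromised = bool(reached) and cracked == set(account.keystores)
    else:
        compromised = bool(reached)               # any single step suffices
    leads_to = set()
    if compromised:
        reached.add("Compromise")
        leads_to.add("AccessControl:RootLogin" if account.root
                     else "AccessControl:NonRootLogin")
    return reached, leads_to


if __name__ == "__main__":
    svc = UserAccount("svc", root=True, user="alice", keystores=["k1", "k2"])
    print("MFA off:", evaluate(svc, {"Keystore:k1"}))
    svc.mfa = True
    print("MFA on: ", evaluate(svc, {"Keystore:k1"}))
```

Turning MFA on for an account stored in two Keystores shows the defense at work: cracking one Keystore still yields GuessOffline but no longer yields Compromise, so RootLogin on the AccessControl is not reached.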