Unsecured Credentials: Credentials in Registry


Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.

Products, Sensors, and Dependencies

ProductDependenciesData sourceAccess requiredProtocolData CollectedNotes
Tenable Vulnerability ManagementAdvanced Network ScanWindows machinesAuthenticated ScanSMBWindows registryPlugin ID: 10412


Microsoft Windows SMB Registry : Autologon Enabled

Attack Path Technique Details

Framework: MITRE ATT&CK

Family: Credential Access

Platform: Windows

Tenable Release Date: 2023 Q4