4 OPC UA security architecture ToC Previous Next

4.3 Security threats to OPC UA systems ToC Previous Next

4.3.12 Compromising user credentials ToC Previous Next

An attacker obtains user credentials such as usernames, passwords, Certificates, or keys by observing them on papers, on screens, or in electronic communications, or by cracking them through guessing or the use of automated tools such as password crackers.

An unauthorized user could launch and access the system to obtain all information and make control and data changes that harm plant operation or information. Once compromised credentials are used, subsequent activities may all appear legitimate.

Compromised user credentials impact Authentication, Authorization and Confidentiality.

See 5.1.11 for the reconciliation of this threat.

Previous Next