{
	"id": "554643c0-45b8-4ead-a946-af9d90c50981",
	"created_at": "2026-04-06T03:36:53.78439Z",
	"updated_at": "2026-04-10T03:19:56.92812Z",
	"deleted_at": null,
	"sha1_hash": "656b3a37294dfde67c41b97855d37048f5f1160e",
	"title": "AUT-10 · Mobile Threat Catalogue",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 43539,
	"plain_text": "AUT-10 · Mobile Threat Catalogue\r\nArchived: 2026-04-06 03:19:41 UTC\r\nMobile Threat Catalogue\r\nCapturing Credentials\r\nContribute\r\nThreat Category: Authentication: User or Device to Remote Service\r\nID: AUT-10\r\nThreat Description: Malicious applications can intercept and steal passwords when logging in using webpages\r\nrendered within applications.\r\nThreat Origin\r\nOAuth 2.0 for Native Apps 1\r\nExploit Examples\r\nStealing Passwords is Easy in Native Mobile Apps Despite OAuth 2\r\nCVE Examples\r\nNot Applicable\r\nPossible Countermeasures\r\nEnterprise\r\nDeploy MAM or MDM solutions with policies that prohibit the side-loading of apps, which may bypass security\r\nchecks on the app.\r\nDeploy MAM or MDM solutions with policies that prohibit the installation of apps from 3rd party (unofficial) app\r\nstores.\r\nUse app-vetting tools or services to identify malicious behaviors in apps.\r\nReferences\r\n1. W. Denniss and J. Bradley, “OAuth 2.0 for Native Apps”, IETF Internet Draft, work in progress, July 2016;\r\nhttps://datatracker.ietf.org/doc/html/draft-wdenniss-oauth-native-apps [accessed 8/1/2022] ↩\r\nhttps://pages.nist.gov/mobile-threat-catalogue/authentication-threats/AUT-10.html\r\nPage 1 of 2\n\n2. A. Wulf, “Stealing Passwords is Easy in Native Mobile Apps Despite OAuth”, blog, 12 Jan. 2011;\r\nhttp://welcome.totheinter.net/2011/01/12/stealing-passwords-is-easy-in-native-mobile-apps-despite-oauth/\r\n[accessed 8/25/2016] ↩\r\nSource: https://pages.nist.gov/mobile-threat-catalogue/authentication-threats/AUT-10.html\r\nhttps://pages.nist.gov/mobile-threat-catalogue/authentication-threats/AUT-10.html\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://pages.nist.gov/mobile-threat-catalogue/authentication-threats/AUT-10.html"
	],
	"report_names": [
		"AUT-10.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775446613,
	"ts_updated_at": 1775791196,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/656b3a37294dfde67c41b97855d37048f5f1160e.pdf",
		"text": "https://archive.orkl.eu/656b3a37294dfde67c41b97855d37048f5f1160e.txt",
		"img": "https://archive.orkl.eu/656b3a37294dfde67c41b97855d37048f5f1160e.jpg"
	}
}