AUT-11 · Mobile Threat Catalogue
Archived: 2026-04-05 19:15:06 UTC

Stolen Credentials

Threat Category: Authentication: User or Device to Remote Service

ID: AUT-11

Threat Description: Vulnerabilities in applications may allow attackers to steal credentials from a device either remotely or with physical access.

Threat Origin

Exploit Examples

Serious OS X and iOS Flaws Let Hackers Steal Keychain, 1Password Contents [2]

CVE Examples

Possible Countermeasures

Mobile App Developer

When creating files, named sockets, or similar resources that are statically defined (i.e., predictable by an attacker), verify that the resource does not already exist. If it does, cease execution and exit the app with an error that prompts the user to take action.

Enterprise

Use app-vetting tools or services to identify malicious apps that exploit cross-application resource attacks.

References

Source: https://pages.nist.gov/mobile-threat-catalogue/authentication-threats/AUT-11.html
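
One way to apply the Mobile App Developer countermeasure above on a POSIX-style file system, as an added example that is not code from the Mobile Threat Catalogue. The helper names `create_exclusive` and `bind_exclusive` and the `/tmp` paths are hypothetical; the point is that the existence check and the creation happen in one atomic call, so a resource planted in advance by another app is never opened or reused.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Hypothetical helper: create a file at a predictable path only if nothing
 * exists there. O_CREAT|O_EXCL makes "check" and "create" one atomic step
 * and also fails (EEXIST) when the path is a symbolic link. */
int create_exclusive(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) {
        int saved = errno;
        fprintf(stderr, "refusing %s: %s\n", path, strerror(saved));
        errno = saved;
    }
    return fd;  /* -1: caller stops and prompts the user */
}

/* Hypothetical helper: bind a named (UNIX-domain) socket. bind() fails with
 * EADDRINUSE when the path already exists; never unlink() and retry. */
int bind_exclusive(const char *path)
{
    struct sockaddr_un addr;
    int s, saved;
    if (strlen(path) >= sizeof(addr.sun_path)) { errno = ENAMETOOLONG; return -1; }
    if ((s = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) return -1;
    memset(&addr, 0, sizeof(addr));
    addr.sun_family = AF_UNIX;
    strcpy(addr.sun_path, path);
    if (bind(s, (struct sockaddr *)&addr, sizeof(addr)) == 0) return s;
    saved = errno;
    close(s);
    errno = saved;
    return -1;
}

int main(void)
{
    /* Constructed sample paths, not taken from the catalogue entry. */
    if (create_exclusive("/tmp/aut11_example_token") < 0) return 1;
    if (bind_exclusive("/tmp/aut11_example.sock") < 0) return 1;
    return 0;  /* a second run exits 1: both resources now pre-exist */
}
```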