AE06 Disclosure Of Credentials Of Cloud Management Interface
| Context | Remote user interacts with a cloud application |
| Problem | Disclosure of user credentials of management interface of cloud application |
| Solution | Apply credentials rotation policy; Apply muti-factor authentication; Apply certificate-based authentication; |
| References | MS-1: Vulnerabilities in the measurement infrastructure that is used for billing [SECCRIT]; MS-2: Attacks to the metering infrastructure that holds confidential account information… [SECCRIT]; Management Interface Compromise [QUIRC] |
| Type | ns:type_ThreatPattern |
| Victim | su:comp_CloudApplication |
| Aggressor | su:comp_RemoteUser |
| Aggr. role | ns:role_Client |
| STRIDE | ns:STRIDE_Information_Disclosure |
| Threat | Â |