T1634: Credentials from Password Store
Essential information
- MITRE technique ID
T1634- Confidence
- 100/100
- Revoked
- No
- Published
- 01/04/2022 16:55
- Modified
- 27/03/2026 01:41
- Author / Source
- The MITRE Corporation
Platforms
iOS
Description
Adversaries may search common password storage locations to obtain user credentials. Passwords can be stored in several places on a device, depending on the operating system or application holding the credentials. There are also specific applications that store passwords to make it easier for users to manage and maintain. Once credentials are obtained, they can be used to perform lateral movement and access restricted information.
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-mobile-attack | credential-access |
Marking (TLP)
Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.