216.73.217.86

T1634: Credentials from Password Store

View on MITRE ATT&CK The MITRE Corporation · Published 01/04/2022 16:55 · Modified 27/03/2026 01:41

Essential information

MITRE technique ID
T1634
Confidence
100/100
Revoked
No
Published
01/04/2022 16:55
Modified
27/03/2026 01:41
Author / Source
The MITRE Corporation

Platforms

iOS

Description

Adversaries may search common password storage locations to obtain user credentials. Passwords can be stored in several places on a device, depending on the operating system or application holding the credentials. There are also specific applications that store passwords to make it easier for users to manage and maintain. Once credentials are obtained, they can be used to perform lateral movement and access restricted information.

Kill chain phases

Kill chainPhase
mitre-mobile-attack credential-access

Marking (TLP)

Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references