f-004 — Stealer-log credential reused on /admin/login
critical · admin-panel · status open · first seen 2026-04-22
Framework mapping
| Framework | Controls / requirements |
|---|---|
| ISO/IEC 27001:2022 ISMS | A.5.18 Access rights |
| NIST Cybersecurity Framework 2.0 Risk | PR.AC-1 |
| NIST SP 800-53 r5 Federal controls | IA-5(7) |
| PCI DSS v4.0 Cardholder data | 8.3.6 |
| DORA (EU 2022/2554) Operational resilience | Art.10 |
| OWASP Top 10 (2021) Web | A07:2021 |
| MITRE ATT&CK Adversary TTPs | T1110.004, T1078.004 |