Threat Category: Authentication: User or Device to Network
Threat Description: OS APIs provide access to device locations to properly store sensitive credentials. Improper storage of credentials could lead to unauthorized access or exposure.
Not Applicable, See Exploit or CVE Examples
To mitigate the risk associated with a stolen credential, use authentication protocols that generate unpredictable one-time cryptographic tokens that are replay-resistant (e.g. public key authentication, FIDO Alliance protocols).
Mobile Device User
Educate users that OAuth 2.0-style authorization requests from native applications should only be made through external user-agents (system browser).