Threat actors may leverage credentials that are hardcoded in software or firmware to gain an unauthorized interactive user session to an asset.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.