Password spraying is an adversarial password attack technique in which a few commonly used passwords are
utilized on multiple accounts. Rather than applying multiple passwords on the same account as done in a
brute force attack, multiple accounts are targeted. Password spraying can help adversaries to bypass the
access controls applied, which might lock the user account if multiple wrong passwords are attempted. This
technique commonly targets SSO (Single Sign-On) and cloud applications.
In a password spray attack, adversaries “spray” passwords at a large volume of usernames.