Password Spray Attack.
Password Spraying is a type of brute force attack. An attacker attempts to brute force login based on list of usernames with default passwords on the application. The attacker will use one password (like Passw0rd! or SecurePass123) against many accounts on the application to avoid account lockouts that may occur when brute forcing a single accounts with many passwords. This type of attack becomes possible when an application or the administrator sets a default password for new users.
Mitigations