A password spraying attack is when an attacker tries a small number of common passwords against many different accounts on a system in the (often justified) hope that one of them, at least, will be using a weak password.