logo

CWE-556 - ASP.NET Misconfiguration: Use of Identity Impersonation

CWE-556

  • Abstraction:
  • Variant
  • Structure:
  • Simple
  • Status:
  • Incomplete
Weakness Name

ASP.NET Misconfiguration: Use of Identity Impersonation

Description

Configuring an ASP.NET application to run with impersonated credentials may give the application unnecessary privileges.

The use of impersonated credentials allows an ASP.NET application to run with either the privileges of the client on whose behalf it is executing or with arbitrary privileges granted in its configuration.

Common Consequences

Scope: Access Control

Impact: Gain Privileges or Assume Identity

Related Weaknesses
  • Release Date:
  • 2006-07-19
  • Latest Modification Date:
  • 2023-06-29

Free security scan for your website