CWE-556 - ASP.NET Misconfiguration: Use of Identity Impersonation

CWE-556

Abstraction:
Variant

Structure:
Simple

Status:
Incomplete

Weakness Name: ASP.NET Misconfiguration: Use of Identity Impersonation

Description: Configuring an ASP.NET application to run with impersonated credentials may give the application unnecessary privileges.
The use of impersonated credentials allows an ASP.NET application to run with either the privileges of the client on whose behalf it is executing or with arbitrary privileges granted in its configuration.

Common Consequences: Scope: Access Control
Impact: Gain Privileges or Assume Identity

Related Weaknesses: CWE-266Incorrect Privilege Assignment

Release Date:
2006-07-19

Latest Modification Date:
2023-06-29

Free security scan for your website

Don't show website scan report rating on the leaderboard