ASP.NET Misconfiguration: Use of Identity Impersonation |
Weakness ID: 556 (Weakness Variant) | Status: Incomplete |
Description Summary
Configuring an ASP.NET application to run with impersonated credentials may give the application unnecessary privileges.
Extended Description
The use of impersonated credentials allows an ASP.NET application to run with either the privileges of the client on whose behalf it is executing or with arbitrary privileges granted in its configuration.
Nature | Type | ID | Name | View(s) this relationship pertains to |
---|---|---|---|---|
ChildOf | Category | 10 | ASP.NET Environment Issues | Development Concepts (primary)699 |
ChildOf | Weakness Base | 266 | Incorrect Privilege Assignment | Research Concepts (primary)1000 |
ChildOf | Category | 723 | OWASP Top Ten 2004 Category A2 - Broken Access Control | Weaknesses in OWASP Top Ten (2004) (primary)711 |
Submissions | ||||
---|---|---|---|---|
Submission Date | Submitter | Organization | Source | |
Anonymous Tool Vendor (under NDA) | Externally Mined | |||
Modifications | ||||
Modification Date | Modifier | Organization | Source | |
2008-07-01 | Eric Dalci | Cigital | External | |
updated Potential Mitigations, Time of Introduction | ||||
2008-09-08 | CWE Content Team | MITRE | Internal | |
updated Relationships, Taxonomy Mappings | ||||
2008-10-14 | CWE Content Team | MITRE | Internal | |
updated Description | ||||
2009-03-10 | CWE Content Team | MITRE | Internal | |
updated Relationships | ||||
Previous Entry Names | ||||
Change Date | Previous Entry Name | |||
2008-04-11 | ASP.NET Misconfiguration: Identity Impersonation | |||