Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CWE-556:ASP.NET Misconfiguration: Use of Identity Impersonation
Weakness ID:556
Version:v4.17
Weakness Name:ASP.NET Misconfiguration: Use of Identity Impersonation
Vulnerability Mapping:Allowed
Abstraction:Variant
Structure:Simple
Status:Incomplete
Likelihood of Exploit:
DetailsContent HistoryObserved CVE ExamplesReports
▼Description

Configuring an ASP.NET application to run with impersonated credentials may give the application unnecessary privileges.

▼Extended Description

The use of impersonated credentials allows an ASP.NET application to run with either the privileges of the client on whose behalf it is executing or with arbitrary privileges granted in its configuration.

▼Alternate Terms
▼Relationships
Relevant to the view"Research Concepts - (1000)"
NatureMappingTypeIDName
ChildOfAllowedB266Incorrect Privilege Assignment
Nature: ChildOf
Mapping: Allowed
Type: Base
ID: 266
Name: Incorrect Privilege Assignment
▼Memberships
NatureMappingTypeIDName
MemberOfProhibitedC723OWASP Top Ten 2004 Category A2 - Broken Access Control
MemberOfProhibitedC731OWASP Top Ten 2004 Category A10 - Insecure Configuration Management
MemberOfProhibitedC951SFP Secondary Cluster: Insecure Authentication Policy
MemberOfProhibitedC1396Comprehensive Categorization: Access Control
Nature: MemberOf
Mapping: Prohibited
Type:Category
ID: 723
Name: OWASP Top Ten 2004 Category A2 - Broken Access Control
Nature: MemberOf
Mapping: Prohibited
Type:Category
ID: 731
Name: OWASP Top Ten 2004 Category A10 - Insecure Configuration Management
Nature: MemberOf
Mapping: Prohibited
Type:Category
ID: 951
Name: SFP Secondary Cluster: Insecure Authentication Policy
Nature: MemberOf
Mapping: Prohibited
Type:Category
ID: 1396
Name: Comprehensive Categorization: Access Control
▼Tags
NatureMappingTypeIDName
MemberOfProhibitedBSBOSS-332Gain Privileges or Assume Identity (impact)
Nature: MemberOf
Mapping: Prohibited
Type:BOSSView
ID: BOSS-332
Name: Gain Privileges or Assume Identity (impact)
▼Relevant To View
Relevant to the view"Software Fault Pattern (SFP) Clusters - (888)"
NatureMappingTypeIDName
MemberOfProhibitedC951SFP Secondary Cluster: Insecure Authentication Policy
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 951
Name: SFP Secondary Cluster: Insecure Authentication Policy
▼Background Detail

▼Common Consequences
ScopeLikelihoodImpactNote
Access ControlN/AGain Privileges or Assume Identity
N/A
Scope: Access Control
Likelihood: N/A
Impact: Gain Privileges or Assume Identity
Note:
N/A
▼Potential Mitigations
Phase:Architecture and Design
Mitigation ID:
Strategy:
Effectiveness:
Description:

Use the least privilege principle.

Note:

▼Modes Of Introduction
Phase: Implementation
Note:

N/A

Phase: Operation
Note:

N/A

▼Applicable Platforms
▼Demonstrative Examples
▼Observed Examples
ReferenceDescription
▼Affected Resources
    ▼Functional Areas
      ▼Weakness Ordinalities
      OrdinalityDescription
      ▼Detection Methods
      ▼Vulnerability Mapping Notes
      Usage:Allowed
      Reason:Acceptable-Use
      Rationale:

      This CWE entry is at the Variant level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.

      Comments:

      Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

      Suggestions:
      ▼Notes
      ▼Taxonomy Mappings
      Taxonomy NameEntry IDFitEntry Name
      ▼Related Attack Patterns
      IDName
      ▼References
      Details not found