CWE-556: ASP.NET Misconfiguration: Use of Identity Impersonation


CWE Version: 4.18

Last Updated: 2025-09-09

Weakness Description

Configuring an ASP.NET application to run with impersonated credentials may give the application unnecessary privileges.

Extended Description

The use of impersonated credentials allows an ASP.NET application to run with either the privileges of the client on whose behalf it is executing or with arbitrary privileges granted in its configuration.

Common Consequences

Scope: Access Control

Technical Impact: Gain Privileges or Assume Identity

Potential Mitigations

Phase: Architecture and Design

Description: Use the least privilege principle.
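
An added example (not part of the CWE entry): a Python check that reads a web.config and reports each scope where impersonation is enabled, separating the two forms the extended description names (running as the client, or as an account set in the configuration). The sample configuration, the account name and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config (not from any real application).
SAMPLE_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <identity impersonate="true" />
  </system.web>
  <location path="reports">
    <system.web>
      <identity impersonate="true" userName="CONTOSO\\svc_reports"
                password="EXAMPLE-ONLY" />
    </system.web>
  </location>
  <location path="public">
    <system.web>
      <identity impersonate="false" />
    </system.web>
  </location>
</configuration>
"""

def children(node, tag):
    """Direct child elements of node with the given tag name."""
    return [c for c in node if c.tag == tag]

def find_impersonation(config_xml):
    """Return one finding per <identity impersonate="true"> element."""
    root = ET.fromstring(config_xml)
    # Site-wide settings sit under <configuration>; per-path overrides
    # sit under <location path="...">.
    scopes = [("(site root)", root)]
    scopes += [(loc.get("path", "(site root)"), loc)
               for loc in children(root, "location")]
    findings = []
    for scope, node in scopes:
        for sysweb in children(node, "system.web"):
            for identity in children(sysweb, "identity"):
                if identity.get("impersonate", "false").strip().lower() != "true":
                    continue
                user = identity.get("userName")
                findings.append({
                    "scope": scope,
                    # No userName: runs as the authenticated client.
                    # userName set: runs as that configured account.
                    "mode": "fixed-account" if user else "client",
                    "account": user,
                    "inline_password": bool(identity.get("password")),
                })
    return findings
```

Each finding is a place to confirm that impersonation is actually required and that the effective account holds no more rights than the application needs.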

Modes of Introduction

Phase Note
Implementation -
Operation -

Key Information

CWE ID: CWE-556

Abstraction: Variant

Structure: Simple

Status: Incomplete

Related Weaknesses