CWE-556

ASP.NET Misconfiguration: Use of Identity Impersonation

Variant
Incomplete

Description

Configuring an ASP.NET application to run with impersonated credentials may give the application unnecessary privileges.

The use of impersonated credentials allows an ASP.NET application to run with either the privileges of the client on whose behalf it is executing or with arbitrary privileges granted in its configuration.

Common Consequences

Scope

Access Control

Impact

Gain Privileges or Assume Identity

Potential Mitigations

Architecture and Design

Use the least privilege principle.
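
As a check for this weakness, the following added example (not part of the CWE entry) audits a web.config for the ASP.NET `<identity>` element, and reports whether impersonation uses the client's identity or a fixed account set through the `userName` and `password` attributes. The sample configuration, its paths and the account name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config, not taken from any real application.
SAMPLE_WEB_CONFIG = """<configuration>
  <system.web>
    <identity impersonate="true" />
  </system.web>
  <location path="admin">
    <system.web>
      <identity impersonate="true" userName="CORP\\svc-example" password="placeholder" />
    </system.web>
  </location>
  <location path="public">
    <system.web>
      <identity impersonate="false" />
    </system.web>
  </location>
</configuration>"""

def audit_identity(config_xml):
    """Return one finding per <identity> element that enables impersonation."""
    root = ET.fromstring(config_xml)
    # Some web.config files declare a default xmlns; strip it so tag names match.
    for el in root.iter():
        el.tag = el.tag.rsplit("}", 1)[-1]
    # <system.web> sits at the top level or inside <location path="..."> overrides.
    scopes = [("(site root)", root)]
    scopes += [(loc.get("path", ""), loc) for loc in root.iter("location")]
    findings = []
    for path, scope in scopes:
        for ident in scope.findall("system.web/identity"):
            if ident.get("impersonate", "false").strip().lower() != "true":
                continue
            # With userName set the code runs as that configured account;
            # without it the code runs as the authenticated client.
            kind = "fixed account" if ident.get("userName") else "client identity"
            findings.append({
                "scope": path,
                "kind": kind,
                "account": ident.get("userName"),
                "password_in_config": ident.get("password") is not None,
            })
    return findings

if __name__ == "__main__":
    for finding in audit_identity(SAMPLE_WEB_CONFIG):
        print(finding)
```

Each finding is a place to confirm that the impersonated identity holds no more rights than the application needs.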

Applicable Platforms

ASP.NET
