CWE-556
ASP.NET Misconfiguration: Use of Identity Impersonation
AI Translation Available
Configuring an ASP.NET application to run with impersonated credentials may give the application unnecessary privileges.
Status
incomplete
Abstraction
variant
Affected Platforms
ASP.NET
Extended Description
AI Translation
The use of impersonated credentials allows an ASP.NET application to run with either the privileges of the client on whose behalf it is executing or with arbitrary privileges granted in its configuration.
Technical Details
AI Translation
Common Consequences
access control
Impacts
gain privileges or assume identity
Potential Mitigations
Phases:
architecture and design
Descriptions:
•
Use the least privilege principle.