VariantIncomplete
CWE-556ASP.NET Misconfiguration: Use of Identity Impersonation
Category: config
Description
Configuring an ASP.NET application to run with impersonated credentials may give the application unnecessary privileges.
The use of impersonated credentials allows an ASP.NET application to run with either the privileges of the client on whose behalf it is executing or with arbitrary privileges granted in its configuration.
Common consequences· 1
- Access Control — Gain Privileges or Assume Identity
Potential mitigations· 1
- [Architecture and Design]Use the least privilege principle.
References
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.