1. Home
  2. Weaknesses
  3. CWE-556

CWE-556: ASP.NET Misconfiguration: Use of Identity Impersonation

ID CWE-556
Abstraction Variant
Structure Simple
Status Incomplete
Number of CVEs 1
Detail Dashboard Vulnerabilities Web & Social
Configuring an ASP.NET application to run with impersonated credentials may give the application unnecessary privileges.

The use of impersonated credentials allows an ASP.NET application to run with either the privileges of the client on whose behalf it is executing or with arbitrary privileges granted in its configuration.

Modes of Introduction

Phase Note
Implementation
Operation

Relationships

View Weakness
# ID View Status # ID Name Abstraction Structure Status
CWE-1000 Research Concepts Draft CWE-266 Incorrect Privilege Assignment Base Simple Draft

CVEs Published

Based on CVE published date

CVSS Severity

CVSS Severity - By Year

CVSS Base Score

# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date