CWE-556 ASP.NET误配置:使用身份伪装
ASP.NET Misconfiguration: Use of Identity Impersonation
结构: Simple
Abstraction: Variant
状态: Incomplete
被利用可能性: unkown
基本描述
Configuring an ASP.NET application to run with impersonated credentials may give the application unnecessary privileges.
扩展描述
The use of impersonated credentials allows an ASP.NET application to run with either the privileges of the client on whose behalf it is executing or with arbitrary privileges granted in its configuration.
相关缺陷
- cwe_Nature: ChildOf cwe_CWE_ID: 266 cwe_View_ID: 1000 cwe_Ordinal: Primary
常见的影响
| 范围 | 影响 | 注释 |
|---|---|---|
| Access Control | Gain Privileges or Assume Identity |
可能的缓解方案
Architecture and Design
策略:
Use the least privilege principle.