CWE-556: ASP.NET Misconfiguration: Use of Identity Impersonation

VariantIncomplete

Configuring an ASP.NET application to run with impersonated credentials may give the application unnecessary privileges.

View on MITRE

Back to CWE Lookup

Extended Description

The use of impersonated credentials allows an ASP.NET application to run with either the privileges of the client on whose behalf it is executing or with arbitrary privileges granted in its configuration.

Technical Details

Structure: Simple

Applicable To

Languages

Platforms

Learn More

Find Related CVEs

Search for vulnerabilities that exploit CWE-556

CVE vs CWE: What's the Difference?

Understanding vulnerabilities vs weaknesses

Understanding CVSS Scoring

How vulnerability severity is measured

View Full MITRE Entry

Complete technical details and references