CAPEC-633: Token Impersonation
An adversary exploits a weakness in authentication to create an access token (or equivalent) that impersonates a different entity, and then associates a process/thread with that impersonated token. This causes a downstream user to make a decision or take an action based on the assumed identity, rather than the response that would have blocked the adversary.
Overview
CAPEC-633 (Token Impersonation) is a detailed-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
What the attacker needs
Prerequisites
- This pattern of attack is only applicable when a downstream user leverages tokens to verify identity, and then takes action based on that identity.
Consequences
What a successful CAPEC-633 attack can achieve.
Alter Execution Logic
Affects: Integrity
By faking the source of data or services, an adversary can cause a target to make incorrect decisions about how to proceed.
Gain Privileges
Affects: Integrity
By impersonating identities that have an increased level of access, an adversary gains privileges that they may not otherwise have had.
Hide Activities
Affects: Integrity
Faking the source of data or services can be used to create a false trail in logs, as the target will associate any actions with the impersonated identity instead of the adversary.