Variant weakness
Incomplete
CWE-556: ASP.NET Misconfiguration: Use of Identity Impersonation
Configuring an ASP.NET application to run with impersonated credentials may give the application unnecessary privileges.
Last updated
1
Recorded CVEs
With this primary weakness
0
KEVs
In the CISA KEV catalog
Not rated
Likelihood of exploit
Per MITRE
Variant
Abstraction
MITRE classification
Overview
The use of impersonated credentials allows an ASP.NET application to run with either the privileges of the client on whose behalf it is executing or with arbitrary privileges granted in its configuration.
Real-world CVEs
1 recorded CVEs are caused by CWE-556 (ASP.NET Misconfiguration: Use of Identity Impersonation). The highest-severity and most recent are shown first.
Common consequences
What can happen when CWE-556 is exploited.
Gain Privileges or Assume Identity
Affects: Access Control
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.
Implementation
Operation