CWE-556

ASP.NET Misconfiguration: Use of Identity Impersonation

Configuring an ASP.NET application to run with impersonated credentials may give the application unnecessary privileges.

Mitigation

Phase: Architecture and Design

Description:

  • Use the least privilege principle.

No CAPEC attack patterns related to this CWE.

Back to CWE stats page