CWE-556: ASP.NET Misconfiguration: Use of Identity Impersonation
Structure: Simple
Abstraction: Variant
Status: Incomplete
Likelihood of Exploit: Unknown
Description
Configuring an ASP.NET application to run with impersonated credentials may give the application unnecessary privileges.
Extended Description
The use of impersonated credentials allows an ASP.NET application to run with either the privileges of the client on whose behalf it is executing or with arbitrary privileges granted in its configuration.
Related Weaknesses
Common Consequences
Scope | Impact | Notes |
---|---|---|
Access Control | Gain Privileges or Assume Identity |
Potential Mitigations
Architecture and Design
Strategy:
Use the least privilege principle.
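An added example, not part of the CWE entry: a Python audit of a web.config for the ASP.NET `<identity>` element, separating the two cases the extended description names (the client's identity versus a fixed account set in configuration). The sample file, its account name and its path values are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config (not from the CWE entry): an application-wide
# <identity> with a fixed account, plus per-path overrides under <location>.
SAMPLE_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <identity impersonate="true" userName="EXAMPLE\\svc_placeholder" password="placeholder" />
  </system.web>
  <location path="reports">
    <system.web><identity impersonate="true" /></system.web>
  </location>
  <location path="public">
    <system.web><identity impersonate="false" /></system.web>
  </location>
</configuration>"""


def children(node, tag):
    # Direct children only, so <location> overrides are not counted twice.
    return [child for child in node if child.tag == tag]


def find_impersonation(xml_text):
    """Return (scope, kind) for every <identity> with impersonation enabled."""
    root = ET.fromstring(xml_text)
    # Application-wide settings sit directly under <configuration>;
    # per-path overrides sit under <location path="...">.
    scopes = [("<application>", root)]
    scopes += [(loc.get("path", ""), loc) for loc in children(root, "location")]
    findings = []
    for scope, node in scopes:
        for system_web in children(node, "system.web"):
            for ident in children(system_web, "identity"):
                if ident.get("impersonate", "false").strip().lower() != "true":
                    continue
                # userName set: runs as the configured account; else as the client.
                kind = "fixed-account" if ident.get("userName") else "client-identity"
                findings.append((scope, kind))
    return findings


if __name__ == "__main__":
    for scope, kind in find_impersonation(SAMPLE_WEB_CONFIG):
        print(f"{scope}: impersonation enabled ({kind})")
```

Each finding is a place to confirm that impersonation is actually required and that the resulting identity holds only the privileges the application needs.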
Article sourced from the internet: scap中文网