CAPEC-633

Token Impersonation
Moyen
Stable
2018-04-12
00h00 +00:00
2021-06-24
00h00 +00:00
CAPEC Mitre.org
Alerte pour un CAPEC
Restez informé de toutes modifications pour un CAPEC spécifique.
Gestion des notifications

Descriptions du CAPEC

An adversary exploits a weakness in authentication to create an access token (or equivalent) that impersonates a different entity, and then associates a process/thread to that that impersonated token. This action causes a downstream user to make a decision or take action that is based on the assumed identity, and not the response that blocks the adversary.

Informations du CAPEC

Conditions préalables

This pattern of attack is only applicable when a downstream user leverages tokens to verify identity, and then takes action based on that identity.

Faiblesses connexes

CWE-ID Nom de la faiblesse

CWE-287

 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

CWE-1270

 Generation of Incorrect Security Tokens
The product implements a Security Token mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Tokens generated in the system are incorrect.

Soumission

Nom Organisation Date Date de publication
CAPEC Content Team The MITRE Corporation 2018-04-12 +00:00

Modifications

Nom Organisation Date Commentaire
CAPEC Content Team The MITRE Corporation 2019-04-04 +00:00 Updated Related_Attack_Patterns
CAPEC Content Team The MITRE Corporation 2020-07-30 +00:00 Updated Taxonomy_Mappings
CAPEC Content Team The MITRE Corporation 2021-06-24 +00:00 Updated Related_Weaknesses, Taxonomy_Mappings