Prerequisites
This pattern of attack is only applicable when a downstream user leverages tokens to verify identity, and then takes action based on that identity.
Related Weaknesses
CWE-ID |
Weakness Name |
CWE-287 |
Improper Authentication When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
CWE-1270 |
Generation of Incorrect Security Tokens The product implements a Security Token mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Tokens generated in the system are incorrect. |
Submission
Name |
Organization |
Date |
Date Release |
CAPEC Content Team |
The MITRE Corporation |
2018-04-12 +00:00 |
Modifications
Name |
Organization |
Date |
Comment |
CAPEC Content Team |
The MITRE Corporation |
2019-04-04 +00:00 |
Updated Related_Attack_Patterns |
CAPEC Content Team |
The MITRE Corporation |
2020-07-30 +00:00 |
Updated Taxonomy_Mappings |
CAPEC Content Team |
The MITRE Corporation |
2021-06-24 +00:00 |
Updated Related_Weaknesses, Taxonomy_Mappings |