CAPEC-633
Alerta para un CAPEC
Manténgase informado sobre cualquier cambio en un CAPEC específico.
Descripciones CAPEC
An adversary exploits a weakness in authentication to create an access token (or equivalent) that impersonates a different entity, and then associates a process/thread to that that impersonated token. This action causes a downstream user to make a decision or take action that is based on the assumed identity, and not the response that blocks the adversary.
Informaciones CAPEC
Prerrequisitos
This pattern of attack is only applicable when a downstream user leverages tokens to verify identity, and then takes action based on that identity.Debilidades relacionadas
| Nombre de la debilidad | |
|---|---|
CWE-287 |
Improper Authentication When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
CWE-1270 |
Generation of Incorrect Security Tokens The product implements a Security Token mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Tokens generated in the system are incorrect. |
Envío
| Nombre | Organización | Fecha | Fecha de lanzamiento |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation |
Modificaciones
| Nombre | Organización | Fecha | Comentario |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation | Updated Related_Attack_Patterns | |
| CAPEC Content Team | The MITRE Corporation | Updated Taxonomy_Mappings | |
| CAPEC Content Team | The MITRE Corporation | Updated Related_Weaknesses, Taxonomy_Mappings |
