CWE

.NET Misconfiguration: Use of Impersonation

ID: 520		Date: (C)2012-05-14   (M)2022-10-10
Type: weakness		Status: INCOMPLETE
Abstraction Type: Variant

Description

Allowing a .NET application to run at potentially escalated levels of access to the underlying operating and file systems can be dangerous and result in various forms of attacks.

Applicable Platforms
None

Time Of Introduction

• Architecture and Design
• Implementation
• Operation

Common Consequences

Scope	Technical Impact	Notes
Access_Control	Gain privileges / assume identity

Detection Methods
None

Potential Mitigations

Phase	Strategy	Description	Effectiveness	Notes
Operation		Run the application with limited privilege to the underlying operating and file system.

Relationships

Related CWE	Type	View	Chain
CWE-520 ChildOf CWE-901	Category	CWE-888

Demonstrative Examples
None

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings

Taxynomy	Id	Name	Fit
Anonymous Tool Vendor (under NDA)

References:
None