Name Token Impersonation
Summary An adversary exploits a weakness in authentication to create an access token (or equivalent) that impersonates a different entity, and then associates a process/thread to that that impersonated token. This action causes a downstream user to make a decision or take action that is based on the assumed identity, and not the response that blocks the adversary.
Prerequisites This pattern of attack is only applicable when a downstream user leverages tokens to verify identity, and then takes action based on that identity.
Related Weaknesses
CWE ID Description
CWE-287 Improper Authentication
Back to Top