Name | Token Impersonation
Summary | An adversary exploits a weakness in authentication to create an access token (or equivalent) that impersonates a different entity, and then associates a process/thread with that impersonated token. This action causes a downstream user to make a decision or take action based on the assumed identity, rather than on a response that would block the adversary.
Prerequisites | This attack pattern is only applicable when a downstream user leverages tokens to verify identity, and then takes action based on that identity.
Solutions |
Related Weaknesses |