CAPEC-CAPEC-633 - CERT CVE
Naziv

Token Impersonation

Sažetak An adversary exploits a weakness in authentication to create an access token (or equivalent) that impersonates a different entity, and then associates a process/thread to that that impersonated token. This action causes a downstream user to make a decision or take action that is based on the assumed identity, and not the response that blocks the adversary.
Preduvjeti This pattern of attack is only applicable when a downstream user leverages tokens to verify identity, and then takes action based on that identity.
Rješenja no