Naziv |
Token Impersonation |
---|---|
Sažetak | An adversary exploits a weakness in authentication to create an access token (or equivalent) that impersonates a different entity, and then associates a process/thread to that that impersonated token. This action causes a downstream user to make a decision or take action that is based on the assumed identity, and not the response that blocks the adversary. |
Preduvjeti | This pattern of attack is only applicable when a downstream user leverages tokens to verify identity, and then takes action based on that identity. |
Rješenja | no |