ASP.NET Misconfiguration: Use of Identity Impersonation
Configuring an ASP.NET application to run with impersonated credentials may give the application unnecessary privileges.
The use of impersonated credentials allows an ASP.NET application to run with either the privileges of the client on whose behalf it is executing or with arbitrary privileges granted in its configuration.
Weaknesses in this category are related to access control.
This category identifies Software Fault Patterns (SFPs) within the Insecure Authentication Policy cluster.
This view (slice) covers all the elements in CWE.
This view (slice) lists weaknesses that can be introduced during implementation.