Dark Mode
Capec-633 Detail
Token Impersonation
Detailed Software Hardware Typical Severity: Medium
Parents: 194
Threats: T59 T263 T271 T292 T307
An adversary exploits a weakness in authentication to create an access token (or equivalent) that impersonates a different entity, and then associates a process/thread to that that impersonated token. This action causes a downstream user to make a decision or take action that is based on the assumed identity, and not the response that blocks the adversary.
Not present
| External ID | Source | Link | Description |
|---|---|---|---|
| CAPEC-633 | capec | https://capec.mitre.org/data/definitions/633.html | |
| CWE-287 | cwe | http://cwe.mitre.org/data/definitions/287.html | |
| CWE-1270 | cwe | http://cwe.mitre.org/data/definitions/1270.html | |
| T1134 | ATTACK | https://attack.mitre.org/wiki/Technique/T1134 | Access Token Manipulation |
Not present
- This pattern of attack is only applicable when a downstream user leverages tokens to verify identity, and then takes action based on that identity.
Not present
Not present
| Integrity |
|---|
| Alter Execution Logic (By faking the source of data or services, an adversary can cause a target to make incorrect decisions about how to proceed.) |
| Gain Privileges (By impersonating identities that have an increased level of access, an adversary gain privilege that they many not have otherwise had.) |
| Hide Activities (Faking the source of data or services can be used to create a false trail in logs as the target will associated any actions with the impersonated identity instead of the adversary.) |
Not present