Tag Archives: Generation of Incorrect Security Tokens

CWE-1270 – Generation of Incorrect Security Tokens

Read Time:27 Second

Description

The product implements a Security Token mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Tokens generated in the system are incorrect.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-284
CWE-1294

 

Consequences

Confidentiality, Integrity, Availability, Access Control: Modify Files or Directories, Execute Unauthorized Code or Commands, Bypass Protection Mechanism, Gain Privileges or Assume Identity, Read Memory, Modify Memory, DoS: Crash, Exit, or Restart

 

Potential Mitigations

Phase: Architecture and Design, Implementation

Description: 

CVE References