CWE•Base•Incomplete•1 recent CVE
CWE-1270Generation of Incorrect Security Tokens
Description
The product implements a Security Token mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Tokens generated in the system are incorrect.
[object Object]
Common consequences
- Confidentiality,Integrity,Availability,Access Control→Modify Files or Directories,Execute Unauthorized Code or Commands,Bypass Protection Mechanism,Gain Privileges or Assume Incorrectly generated Security Tokens could result in the same token used for multiple agents or multiple tokens being used for the same agent. This condition could result in a Denial-of-Service (DoS) or the execution of an action that in t
Potential mitigations
- Architecture and Design,Implementation[object Object]