VYPR

CWE-1270

Generation of Incorrect Security Tokens

Base · Incomplete

Description

The product implements a Security Token mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Tokens generated in the system are incorrect.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-121 · CAPEC-633 · CAPEC-681

CVEs mapped to this weakness (3)

  • CVE-2023-2882 · Critical · May 25, 2023
    risk 0.64 · cvss 9.8 · epss 0.01

    Generation of Incorrect Security Tokens vulnerability in CBOT Chatbot allows Token Impersonation, Privilege Abuse. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.

  • CVE-2023-32188 · Critical · Oct 16, 2024
    risk 0.54 · cvss · epss 0.00

    A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE.

  • CVE-2014-2237 · Apr 1, 2014
    risk 0.00 · cvss · epss 0.01

    The memcache token backend in OpenStack Identity (Keystone) 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the…