CWE-1270 6 CVEs MITRE definition ↗

CWE-1270: Generation of Incorrect Security Tokens

Overview

CWE-1270 (Generation of Incorrect Security Tokens) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.

Security impact
Security impact: Depends on product and context; use CVE records, severity scores, and MITRE guidance to prioritize.

Description

The product implements a Security Token mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Tokens generated in the system are incorrect.

Applicable platforms

Kind Name Class Prevalence OS / CPE
language Not Language-Specific Undetermined
operating_system Not OS-Specific Undetermined
architecture Not Architecture-Specific Undetermined
technology Not Technology-Specific Undetermined

Related CVEs in this database

These CVEs are mapped to this weakness in this database and kept for traceability and search.

CVE Published Summary
CVE-2025-59698 2025-12-02 Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, might allow a physically proximate attacker to gain access to the EOL legacy bootloader.
CVE-2023-32188 2024-10-16 A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead …
CVE-2023-22644 2023-09-20 A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead …
CVE-2023-2882 2023-05-25 Generation of Incorrect Security Tokens vulnerability in CBOT Chatbot allows Token Impersonation, Privilege Abuse.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.
CVE-2023-30524 2023-04-12 Jenkins Report Portal Plugin 0.5 and earlier does not mask ReportPortal access tokens displayed on the configuration form, increasing the potential for attackers to observe and capture them.
CVE-2022-31122 2022-10-18 Wire is an encrypted communication and collaboration platform. Versions prior to 2022-07-12/Chart 4.19.0 are subject to Token Recipient Confusion. If an attacker has certain details of SAML IdP metada…

Previous names

  • Generation of Incorrect Security Identifiers (2020-08-20)

Content submission

Name
Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi
Organization
Intel Corporation
Date
2020-03-06
Version
4.1

Content modifications

Date Name Version Importance Comment
2020-08-20 CWE Content Team 4.2 updated Applicable_Platforms, Demonstrative_Examples, Description, Modes_of_Introduction, Name, Potential_Mitigations, Relationships
2021-07-20 CWE Content Team 4.5 updated Related_Attack_Patterns
2022-04-28 CWE Content Team 4.7 updated Related_Attack_Patterns
2022-10-13 CWE Content Team 4.9 updated Demonstrative_Examples
2023-04-27 CWE Content Team 4.11 updated Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2025-12-11 CWE Content Team 4.19 updated Common_Consequences, Description, Weakness_Ordinalities
cvelogic Threat Intelligence