The product implements a Security Token mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Tokens generated in the system are incorrect.
Extended description
Best practices to prevent this CWE
Phase: Architecture and Design; Implementation
Generation of Security Tokens should be reviewed for design inconsistency and common weaknesses.
Security-Token definition and programming flow should be tested in pre-silicon and post-silicon testing.
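One way to review token generation for design inconsistency before silicon, as an added example that is not part of the original entry: the check below compares the token each agent is given against the actions the design intends for that agent. The agent names, actions, token values and the `audit_tokens` helper are all hypothetical and constructed for illustration.

```python
from collections import defaultdict

# All agent names, actions and token values below are constructed for illustration.
# Intended design: agent -> actions it is allowed to perform.
INTENDED = {
    "cpu_secure": {"read_key", "write_key", "read_cfg"},
    "cpu_normal": {"read_cfg"},
    "dma_engine": {"read_cfg"},
    "debug_port": set(),
}
# Tokens as generated by the design under review; debug_port wrongly gets 0x3.
GENERATED = {"cpu_secure": 0x3, "cpu_normal": 0x1, "dma_engine": 0x1, "debug_port": 0x3}
# Policy enforced at the target: token -> actions that token permits.
POLICY = {0x3: {"read_key", "write_key", "read_cfg"}, 0x1: {"read_cfg"}, 0x0: set()}

def audit_tokens(intended, generated, policy):
    """Return (subject, finding) pairs where generated tokens contradict the intent."""
    findings = []
    by_token = defaultdict(list)
    for agent in sorted(intended):
        if agent not in generated:
            findings.append((agent, "no token generated"))
            continue
        token = generated[agent]
        by_token[token].append(agent)
        if token not in policy:
            findings.append((agent, f"token {token:#x} unknown to policy"))
            continue
        extra = policy[token] - intended[agent]    # actions granted but not intended
        missing = intended[agent] - policy[token]  # actions intended but not granted
        if extra:
            findings.append((agent, f"token {token:#x} grants unintended: {sorted(extra)}"))
        if missing:
            findings.append((agent, f"token {token:#x} lacks intended: {sorted(missing)}"))
    # A token shared by agents with different intended privileges cannot be correct for all.
    for token, agents in sorted(by_token.items()):
        if len({frozenset(intended[a]) for a in agents}) > 1:
            findings.append((tuple(agents), f"token {token:#x} shared across different privilege sets"))
    return findings

if __name__ == "__main__":
    for subject, finding in audit_tokens(INTENDED, GENERATED, POLICY):
        print(subject, "->", finding)
```

The same comparison can be rerun in post-silicon testing against token values read back from the device.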