CWE-386 - Symbolic Name not Mapping to Correct Object

CWE-386

  • Abstraction: Base
  • Structure: Simple
  • Status: Draft
Weakness Name

Symbolic Name not Mapping to Correct Object

Description

A constant symbolic reference to an object is used, even though the reference can resolve to a different object over time.
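The weakness is easiest to see with a file name that is checked and then used. The Python sketch below is an added illustration for POSIX systems and is not part of the CWE entry. The function names, the file names and the `rebind` callback (which stands in for a concurrent change to the name) are constructed for the demo.

```python
import os, stat, tempfile

def read_check_then_use(path, rebind=None):
    """Weak: the name is resolved twice, once to check and once to use."""
    if not stat.S_ISREG(os.lstat(path).st_mode):   # resolution 1: check
        raise PermissionError("not a regular file")
    if rebind:
        rebind()              # stands in for a concurrent change to the name
    with open(path) as f:     # resolution 2: may be a different object
        return f.read()

def read_bind_then_check(path, rebind=None):
    """Hardened: resolve the name once, then check and use the descriptor."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)  # refuses a symlink at path
    with os.fdopen(fd) as f:
        if rebind:
            rebind()          # the name changes, the open object does not
        if not stat.S_ISREG(os.fstat(f.fileno()).st_mode):
            raise PermissionError("not a regular file")
        return f.read()

def demo():
    """Constructed scenario: 'report.txt' is re-pointed at 'other.txt'."""
    with tempfile.TemporaryDirectory() as d:
        name, other = os.path.join(d, "report.txt"), os.path.join(d, "other.txt")
        with open(other, "w") as f:
            f.write("restricted")

        def reset():
            if os.path.lexists(name):
                os.remove(name)
            with open(name, "w") as f:
                f.write("public")

        def rebind():
            os.remove(name)
            os.symlink(other, name)

        reset()
        weak = read_check_then_use(name, rebind)
        reset()
        strong = read_bind_then_check(name, rebind)
        return weak, strong

if __name__ == "__main__":
    print(demo())
```

The first function returns the contents of the object the name points to after the change, even though the check passed on the original object. The second keeps operating on the object it opened.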

Common Consequences

Scope: Access Control

Impact: Gain Privileges or Assume Identity

Notes: The attacker can gain access to otherwise unauthorized resources.

Scope: Integrity, Confidentiality, Other

Impact: Modify Application Data, Modify Files or Directories, Read Application Data, Read Files or Directories, Other

Notes: Race conditions of this kind may be employed to gain read or write access to resources not normally readable or writable by the user in question.

Scope: Integrity, Other

Impact: Modify Application Data, Other

Notes: The resource in question, or other resources (through the corrupted one), may be changed in undesirable ways by a malicious user.

Scope: Non-Repudiation

Impact: Hide Activities

Notes: If a file or other resource is written in this way, as opposed to a valid way, logging of the activity may not occur.

Scope: Non-Repudiation, Integrity

Impact: Modify Files or Directories

Notes: In some cases it may be possible to delete files that a malicious user might not otherwise have access to -- such as log files.

Related Weaknesses
  • Release Date: 2006-07-19
  • Latest Modification Date: 2023-06-29