CWE-421 - Race Condition During Access to Alternate Channel

CWE-421

Abstraction:
Base

Structure:
Simple

Status:
Draft

Weakness Name: Race Condition During Access to Alternate Channel

Description: The product opens an alternate channel to communicate with an authorized user, but the channel is accessible to other actors.
This creates a race condition that allows an attacker to access the channel before the authorized user does.

Common Consequences: Scope: Access Control
Impact: Gain Privileges or Assume Identity, Bypass Protection Mechanism

Related Weaknesses

CWE-362Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')Medium

CWE-420Unprotected Alternate Channel

Release Date:
2006-07-19

Latest Modification Date:
2023-06-29

Free security scan for your website

Don't show website scan report rating on the leaderboard