CWE-421 - Race Condition During Access to Alternate Channel
- Abstraction:Base
- Structure:Simple
- Status:Draft
- Release Date:2006-07-19
- Latest Modification Date:2023-06-29
Weakness Name
Race Condition During Access to Alternate Channel
Description
The product opens an alternate channel to communicate with an authorized user, but the channel is accessible to other actors.
This creates a race condition that allows an attacker to access the channel before the authorized user does.
Common Consequences
Scope: Access Control
Impact: Gain Privileges or Assume Identity, Bypass Protection Mechanism
