CWE-421: Race Condition During Access to Alternate Channel

Description

The product opens an alternate channel to communicate with an authorized user, but the channel is accessible to other actors.

Extended Description

This creates a race condition that allows an attacker to access the channel before the authorized user does.

ThreatScore

Threat Mapped score: 0.0

Industry: Finiancial

Threat priority: Unclassified

Observed Examples (CVEs)

CVE: CVE-1999-0351

FTP "Pizza Thief" vulnerability. Attacker can connect to a port that was intended for use by another client.
CVE: CVE-2003-0230

Product creates Windows named pipe during authentication that another attacker can hijack by connecting to it.

Related Attack Patterns (CAPEC)

N/A

Attack TTPs

N/A

Modes of Introduction

Phase	Note
Architecture and Design	N/A

Common Consequences

Impact: Gain Privileges or Assume Identity, Bypass Protection Mechanism — Notes:

Potential Mitigations

None listed.

Applicable Platforms

None (Not Language-Specific, Undetermined)

Demonstrative Examples

N/A

Notes

No notes available.

← Back to CWE list