CWE-421: Race Condition During Access to Alternate Channel
CWE Version: 4.18
Updated: 2025-09-09
Weakness Description
The product opens an alternate channel to communicate with an authorized user, but the channel is accessible to other actors.
Extended Description
This creates a race condition that allows an attacker to access the channel before the authorized user does.
Common Consequences
Scope: Access Control
Technical Impact: Gain Privileges or Assume Identity; Bypass Protection Mechanism
Observed Examples
Reference: CVE-1999-0351
FTP "Pizza Thief" vulnerability. Attacker can connect to a port that was intended for use by another client.
Reference: CVE-2003-0230
Product creates Windows named pipe during authentication that another attacker can hijack by connecting to it.
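An added example, not part of the CWE entry: a Python sketch of the race the two observed examples describe, with a listener that hands the alternate channel to whichever peer connects first beside one that only accepts a peer presenting a one-time token issued over the already-authenticated primary channel. The token scheme, the function names and the loopback scenario are assumptions made for illustration.

```python
import hmac
import secrets
import socket

TOKEN_LEN = 16  # assumed size of the one-time channel token

def open_alternate_channel():
    """Listen on an ephemeral loopback port; return (listener, one-time token)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)
    return listener, secrets.token_bytes(TOKEN_LEN)

def accept_first(listener):
    """Weak form: whichever peer connects first is handed the channel."""
    conn, _ = listener.accept()
    return conn

def accept_authorized(listener, token, timeout=2.0):
    """Hardened form: drop peers until one presents the token issued in-band."""
    listener.settimeout(timeout)  # accept() times out if no peer qualifies
    while True:
        conn, _ = listener.accept()
        conn.settimeout(timeout)
        try:
            presented = conn.recv(TOKEN_LEN)  # a short read fails closed
        except OSError:
            presented = b""
        if hmac.compare_digest(presented, token):
            conn.settimeout(None)
            return conn
        conn.close()  # wrong or missing token: keep waiting for the real user

def run_scenario(hardened):
    """Constructed case: another local peer reaches the port before the user.

    Returns True if the accepted connection belongs to the authorized user.
    """
    listener, token = open_alternate_channel()
    addr = listener.getsockname()
    other = socket.create_connection(addr)  # connects first, holds no token
    other.sendall(b"\x00" * TOKEN_LEN)
    user = socket.create_connection(addr)   # authorized user, connects second
    user.sendall(token)
    conn = accept_authorized(listener, token) if hardened else accept_first(listener)
    got_user = conn.getpeername() == user.getsockname()
    for s in (conn, other, user, listener):
        s.close()
    return got_user
```

`run_scenario(False)` shows the channel going to the earlier peer, while `run_scenario(True)` shows the listener discarding it and binding the channel to the token holder.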
Modes of Introduction
| Phase | Note |
|---|---|
| Architecture and Design | - |
Applicable Platforms
Programming Languages
Taxonomy Mappings
| Taxonomy Name | Entry ID | Entry Name | Mapping Fit |
|---|---|---|---|
| PLOVER | - | Alternate Channel Race Condition | - |