Base · Draft

CWE-421: Race Condition During Access to Alternate Channel

Category: logic

Description

The product opens an alternate channel to communicate with an authorized user, but the channel is accessible to other actors. This creates a race condition that allows an attacker to access the channel before the authorized user does.

Common consequences

  • Access Control — Gain Privileges or Assume Identity, Bypass Protection Mechanism

References

  1. https://cwe.mitre.org/data/definitions/421.html

Related by meaning

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Improper Verification of Source of a Communication Channel
  • CWE: Unprotected Primary Channel
  • CWE: Incorrect Synchronization
  • CWE: Improper Restriction of Communication Channel to Intended Endpoints
  • CWE: Channel Accessible by Non-Endpoint
  • CWE: Missing Synchronization

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.