Race Condition During Access to Alternate Channel

Status: Draft
Abstraction: Base
Structure: Simple
Description

The product opens an alternate channel to communicate with an authorized user, but the channel is accessible to other actors.

Extended Description

This creates a race condition that allows an attacker to access the channel before the authorized user does.

Common Consequences
Scope: Access Control

Impact: Gain Privileges or Assume Identity; Bypass Protection Mechanism

Observed Examples
CVE-1999-0351: FTP "Pizza Thief" vulnerability. Attacker can connect to a port that was intended for use by another client.
CVE-2003-0230: Product creates Windows named pipe during authentication that another attacker can hijack by connecting to it.
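
One way to close the race described above is to make connecting first insufficient: the peer must also prove it is the intended user. The following is an added example, not part of the CWE entry or of any product named in it. It assumes the primary channel is already authenticated and can carry a one-time token to the user; the function names and token format are hypothetical.

```python
import hmac
import secrets
import socket

TOKEN_LEN = 32  # hex characters in the one-time token (assumed format)


def open_alternate_channel():
    """Listen on an ephemeral loopback port and mint a one-time token.

    The token is delivered to the authorized user over the already
    authenticated primary channel (not shown here).
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(4)
    return listener, secrets.token_hex(TOKEN_LEN // 2)


def _recv_exact(conn, n):
    """Read up to n bytes, stopping early if the peer closes."""
    buf = b""
    while len(buf) < n:
        chunk = conn.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf


def accept_authorized(listener, token, max_attempts=4, timeout=2.0):
    """Return the first connection that presents the token.

    A peer that merely wins the race to connect is closed and recorded,
    and the listener keeps waiting for the authorized user.
    """
    rejected = []
    listener.settimeout(timeout)
    for _ in range(max_attempts):
        conn, peer = listener.accept()
        conn.settimeout(timeout)
        try:
            presented = _recv_exact(conn, TOKEN_LEN)
        except OSError:  # timeout or reset while waiting for the token
            presented = b""
        if hmac.compare_digest(presented, token.encode()):
            return conn, rejected
        rejected.append(peer)  # candidate for logging or alerting
        conn.close()
    raise PermissionError("no authorized peer connected")
```

The rejected peer list gives defenders a detection signal: any entry means something other than the intended user reached the channel first.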
Applicable Platforms
Languages:
Not Language-Specific : Undetermined
Modes of Introduction
Architecture and Design
Functional Areas
  1. Program Invocation
Affected Resources
  1. System Process
Taxonomy Mapping
  • PLOVER