Read Time:58 Second

Description

A constant symbolic reference to an object is used, even though the reference can resolve to a different object over time.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-706
CWE-367
CWE-610
CWE-486

 

Consequences

Access Control: Gain Privileges or Assume Identity

The attacker can gain access to otherwise unauthorized resources.

Integrity, Confidentiality, Other: Modify Application Data, Modify Files or Directories, Read Application Data, Read Files or Directories, Other

Race conditions such as this kind may be employed to gain read or write access to resources not normally readable or writable by the user in question.

Integrity, Other: Modify Application Data, Other

The resource in question, or other resources (through the corrupted one) may be changed in undesirable ways by a malicious user.

Non-Repudiation: Hide Activities

If a file or other resource is written in this method, as opposed to a valid way, logging of the activity may not occur.

Non-Repudiation, Integrity: Modify Files or Directories

In some cases it may be possible to delete files that a malicious user might not otherwise have access to — such as log files.

 

Potential Mitigations

CVE References