Read Time:33 Second
Description
The product opens an alternate channel to communicate with an authorized user, but the channel is accessible to other actors.
This creates a race condition that allows an attacker to access the channel before the authorized user does.
Modes of Introduction:
– Architecture and Design
Related Weaknesses
Consequences
Access Control: Gain Privileges or Assume Identity, Bypass Protection Mechanism
Potential Mitigations
CVE References
- CVE-1999-0351
- FTP “Pizza Thief” vulnerability. Attacker can connect to a port that was intended for use by another client.
- CVE-2003-0230
- Product creates Windows named pipe during authentication that another attacker can hijack by connecting to it.