Read Time:24 Second
Description
The software establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint.
Modes of Introduction:
– Architecture and Design
Likelihood of Exploit:
Related Weaknesses
Consequences
Integrity, Confidentiality: Gain Privileges or Assume Identity
If an attacker can spoof the endpoint, the attacker gains all the privileges that were intended for the original endpoint.
Potential Mitigations
CVE References