CWE-386 Individual Dictionary Definition (Draft 9)

Weakness ID: 386 (Weakness Base)
Status: Draft

Description
Summary: A constant symbolic reference to an object is used, even though the reference can resolve to a different object over time.

Common Consequences
Access control: The attacker can gain access to otherwise unauthorized resources.
Authorization: Race conditions of this kind may be employed to gain read or write access to resources not normally readable or writable by the user in question.
Integrity: The resource in question, or other resources (through the corrupted one), may be changed in undesirable ways by a malicious user.
Accountability: If a file or other resource is written in this manner, as opposed to a valid way, logging of the activity may not occur.
Non-repudiation: In some cases it may be possible to delete files that a malicious user might not otherwise have access to, such as log files.

Relationships

Source Taxonomies
CLASP - Symbolic name not mapping to correct object

Applicable Platforms
All
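The summary above, shown on a file path: an added example, not part of the CWE entry. It assumes a POSIX system; `open_bound`, `identity` and `demo` are hypothetical names, and the files are constructed in a temporary directory. A check made by name goes stale when the name is rebound, while a descriptor opened once stays bound to the object that was checked.

```python
import os
import stat
import tempfile


def identity(st):
    """(device, inode) pair: identifies the file object, not its name."""
    return (st.st_dev, st.st_ino)


def open_bound(path):
    """Resolve the name once and return a descriptor bound to that object.

    O_NOFOLLOW refuses a symlink in the final path component. Every later
    check uses fstat() on the descriptor and never resolves the path again.
    """
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    st = os.fstat(fd)
    if not stat.S_ISREG(st.st_mode) or st.st_uid != os.geteuid():
        os.close(fd)
        raise PermissionError(f"{path}: not a regular file owned by this user")
    return fd


def demo():
    """Constructed scenario: the name is rebound between check and use."""
    with tempfile.TemporaryDirectory() as d:
        name = os.path.join(d, "report.txt")    # the constant symbolic name
        other = os.path.join(d, "other.txt")
        with open(name, "w") as f:
            f.write("original")
        with open(other, "w") as f:
            f.write("replacement")

        checked = identity(os.stat(name))       # weak pattern: check by name
        fd = open_bound(name)                   # hardened: bind once, keep fd
        os.replace(other, name)                 # same name, different object

        by_name_again = identity(os.stat(name)) # weak pattern: use by name
        by_fd = identity(os.fstat(fd))          # descriptor is unaffected
        data = os.read(fd, 64)
        os.close(fd)
        return {
            "name_rebound": by_name_again != checked,
            "fd_stable": by_fd == checked,
            "fd_data": data,
        }
```

Code that validates a path and then reopens it by name is exposed to the rebinding that `name_rebound` reports; code that validates and reads through the same descriptor is not.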