CWE-386

Base Abstraction Level
Pillar — Highest-level weakness category
Class — Abstract, language-independent
Base — Specific enough to detect
Variant — Tied to specific technology
Compound — Requires multiple weaknesses
Draft MITRE CWE Status
Stable — Fully reviewed and complete
Draft — Under development, may change
Incomplete — Partially defined by MITRE
Deprecated — No longer recommended
Obsolete — Replaced by another CWE
Symbolic Name not Mapping to Correct Object

Description

A constant symbolic reference to an object is used, even though the reference can resolve to a different object over time.

Consequences

Access Control — Gain Privileges or Assume Identity

The attacker can gain access to otherwise unauthorized resources.

Integrity, Confidentiality, Other — Modify Application Data, Modify Files or Directories, Read Application Data, Read Files or Directories, Other

Race conditions such as this kind may be employed to gain read or write access to resources not normally readable or writable by the user in question.

Integrity, Other — Modify Application Data, Other

The resource in question, or other resources (through the corrupted one) may be changed in undesirable ways by a malicious user.

Non-Repudiation — Hide Activities

If a file or other resource is written in this method, as opposed to a valid way, logging of the activity may not occur.

Non-Repudiation, Integrity — Modify Files or Directories

In some cases it may be possible to delete files that a malicious user might not otherwise have access to -- such as log files.