CWE-386 - Symbolic Name not Mapping to Correct Object
- Abstraction: Base
- Structure: Simple
- Status: Draft
- Release Date: 2006-07-19
- Latest Modification Date: 2023-06-29
Weakness Name
Symbolic Name not Mapping to Correct Object
Description
A constant symbolic reference to an object is used, even though the reference can resolve to a different object over time.
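The following is an added example, not part of the CWE entry: it shows a file name being rebound to a different inode while an already-open descriptor keeps referring to the original object, and a hardened open that validates the descriptor instead of the name. The function names `open_regular_owned` and `demo_rebind` and the `/tmp/cwe386-*` paths are hypothetical and constructed for the illustration.

```c
#define _GNU_SOURCE 1
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hardened open: resolve the name once, then validate the object behind the
 * descriptor with fstat(). A stat(path) check followed by open(path) resolves
 * the name twice and can see two different objects. */
int open_regular_owned(const char *path, uid_t owner) {
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;             /* also fails if the last component is a symlink */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != owner) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed scenario in a private temp directory. Returns 1 when the name
 * "config" was rebound to another inode while the already-open descriptor
 * still refers to the original object, and a symlink to it is rejected. */
int demo_rebind(void) {
    char dir[] = "/tmp/cwe386-XXXXXX", name[64], other[64], lnk[64];
    struct stat before, by_name, by_fd;
    if (!mkdtemp(dir)) return -1;
    snprintf(name, sizeof name, "%s/config", dir);
    snprintf(other, sizeof other, "%s/other", dir);
    snprintf(lnk, sizeof lnk, "%s/link", dir);
    close(open(name, O_CREAT | O_EXCL | O_WRONLY, 0600));
    close(open(other, O_CREAT | O_EXCL | O_WRONLY, 0600));

    int fd = open_regular_owned(name, geteuid());
    if (fd < 0 || fstat(fd, &before) != 0) return -1;
    if (rename(other, name) != 0) return -1;   /* same name, different object */
    if (stat(name, &by_name) != 0 || fstat(fd, &by_fd) != 0) return -1;
    int rebound = by_name.st_ino != before.st_ino && by_fd.st_ino == before.st_ino;

    int symlink_rejected = symlink(name, lnk) == 0 && open_regular_owned(lnk, geteuid()) < 0;
    close(fd); unlink(lnk); unlink(name); rmdir(dir);
    return rebound && symlink_rejected;
}

int main(void) {
    printf("name rebound, descriptor stable, symlink rejected: %d\n", demo_rebind());
    return 0;
}
```

Any decision made about the name before the `rename()` no longer applies to what the name resolves to afterwards; only checks made through the descriptor stay bound to one object.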
Common Consequences
Scope: Access Control
Impact: Gain Privileges or Assume Identity
Notes: The attacker can gain access to otherwise unauthorized resources.
Scope: Integrity, Confidentiality, Other
Impact: Modify Application Data, Modify Files or Directories, Read Application Data, Read Files or Directories, Other
Notes: Race conditions of this kind may be used to gain read or write access to resources not normally readable or writable by the user in question.
Scope: Integrity, Other
Impact: Modify Application Data, Other
Notes: The resource in question, or other resources (through the corrupted one), may be changed in undesirable ways by a malicious user.
Scope: Non-Repudiation
Impact: Hide Activities
Notes: If a file or other resource is written by this method, as opposed to in a valid way, logging of the activity may not occur.
Scope: Non-Repudiation, Integrity
Impact: Modify Files or Directories
Notes: In some cases it may be possible to delete files that a malicious user might not otherwise have access to -- such as log files.
Related Weaknesses
CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition (Medium)
CWE-486: Comparison of Classes by Name (High)
CWE-610: Externally Controlled Reference to a Resource in Another Sphere