Symbolic name not mapping to correct object

From OWASP

Jump to: navigation, search

Overview

A constant symbolic reference to an object is used, even though the underlying object changes over time.

Consequences

Access control: The attacker can gain access to otherwise unauthorized resources.

Authorization: Race conditions such as this kind may be employed to gain read or write access to resources not normally readable or writable by the user in question.

Integrity: The resource in question, or other resources (through the corrupted one) may be changed in undesirable ways by a malicious user.

Accountability: If a file or other resource is written in this method, as opposed to a valid way, logging of the activity may not occur.

Non-repudiation: In some cases it may be possible to delete files that a malicious user might not otherwise have access to - such as log files.

Exposure period

Platform

Required resources

Severity

Likelihood of exploit

Avoidance and mitigation

Discussion

See more specific instances.

Examples

Not available.

Related problems

Time of check, time of use race condition

Comparing classes by name

Retrieved from "http://www.owasp.org/index.php/Symbolic_name_not_mapping_to_correct_object"

Categories: OWASP Honeycomb Project | Vulnerability | General Logic Error Vulnerability | OWASP CLASP Project

Views

Personal tools

Log in / create account

Reference

search

Toolbox