The adversary explores to gauge what level of access they have.
The adversary gains access to a resource on the target host. The adversary modifies the targeted resource. The resource's value is used to determine the next normal execution action.
The resource is modified/checked concurrently by multiple processes. By using one of the processes, the adversary is able to modify the value just before it is consumed by a different process. A race condition occurs and is exploited by the adversary to abuse the target host.
Weakness Name | Description |
---|---|
Context Switching Race Condition | A product performs a series of non-atomic actions to switch between contexts that cross privilege or other security boundaries, but a race condition allows an attacker to modify or misrepresent the product's behavior during the switch. |
Race Condition Enabling Link Following | The product checks the status of a file or directory before accessing it, which produces a race condition in which the file can be replaced with a link before the access is performed, causing the product to access the wrong file. |
Race Condition within a Thread | If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution undefined. |
Missing Check for Certificate Revocation after Initial Check | The product does not check the revocation status of a certificate after its initial revocation check, which can cause the product to perform privileged actions even after the certificate is revoked at a later time. |
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently. |
Improper Synchronization | The product utilizes multiple threads or processes to allow temporary access to a shared resource that can only be exclusive to one process at a time, but it does not properly synchronize these actions, which might cause simultaneous accesses of this resource by multiple threads or processes. |
Permission Race Condition During Resource Copy | The product, while copying or cloning a resource, does not set the resource's permissions or access control until the copy is complete, leaving the resource exposed to other spheres while the copy is taking place. |
Improper Locking | The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors. |
Improper Initialization | The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used. |
Race Condition for Write-Once Attributes | A write-once register in hardware design is programmable by an untrusted software component earlier than the trusted software component, resulting in a race condition issue. |
Incorrect Comparison Logic Granularity | The product's comparison logic is performed over a series of steps rather than across the entire string in one operation. If there is a comparison logic failure on one of these steps, the operation may be vulnerable to a timing attack that can result in the interception of the process for nefarious purposes. |
Hardware Logic Contains Race Conditions | A race condition in the hardware logic results in undermining security guarantees of the system. |
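
The "Race Condition Enabling Link Following" weakness above, shown as a check-then-open routine beside a hardened form that validates the descriptor it actually opened. This is an added example, not part of the CAPEC entry; the function names, the /tmp fixture path, and the file contents are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy: lstat() checks the name, open() resolves the name a second time. */
int open_checked_racy(const char *path) {
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode)) return -1;
    /* timing window: path can be swapped for a link before open() runs */
    return open(path, O_RDONLY);
}

/* Hardened: resolve the name once, refuse a symlink in the last component,
 * then validate the object that was actually opened through its descriptor. */
int open_checked_safe(const char *path) {
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0) return -1;                 /* ELOOP if path is a symlink */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) { close(fd); return -1; }
    return fd;
}

/* Constructed fixture: a regular file and a symlink to it in a temp dir.
 * Returns 1 when the safe opener accepts the file and rejects the link. */
int demo(void) {
    char dir[] = "/tmp/race-demo-XXXXXX", file[64], lnk[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(file, sizeof file, "%s/data", dir);
    snprintf(lnk, sizeof lnk, "%s/link", dir);
    int fd = open(file, O_CREAT | O_WRONLY, 0600);
    if (fd < 0) return -1;
    close(fd);
    if (symlink(file, lnk) != 0) return -1;
    int ok_fd = open_checked_safe(file), bad_fd = open_checked_safe(lnk);
    int result = (ok_fd >= 0 && bad_fd < 0);
    if (ok_fd >= 0) close(ok_fd);
    if (bad_fd >= 0) close(bad_fd);
    unlink(lnk); unlink(file); rmdir(dir);
    return result;
}

int main(void) { printf("safe opener ok: %d\n", demo()); return 0; }
```

O_NOFOLLOW only covers the final path component; when parent directories are writable by other users, open relative to a trusted directory descriptor with openat() as well.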
Name | Organization | Date | Date Release |
---|---|---|---|
CAPEC Content Team | The MITRE Corporation | | |
Name | Organization | Date | Comment |
---|---|---|---|
CAPEC Content Team | The MITRE Corporation | | Updated Related_Attack_Patterns, Type (Relationship -> Attack_Pattern) |
CAPEC Content Team | The MITRE Corporation | | Updated Activation_Zone, Attack_Phases, Attack_Prerequisites, Description Summary, Injection_Vector, Payload, Payload_Activation_Impact |
CAPEC Content Team | The MITRE Corporation | | Updated Attacker_Skills_or_Knowledge_Required, Examples-Instances, References, Solutions_and_Mitigations |
CAPEC Content Team | The MITRE Corporation | | Updated Description, Example_Instances, Execution_Flow, Related_Weaknesses |
CAPEC Content Team | The MITRE Corporation | | Updated Related_Weaknesses |
CAPEC Content Team | The MITRE Corporation | | Updated Example_Instances |