CWE-593: Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created

ID CWE-593
Abstraction Variant
Structure Simple
Status Draft
The product modifies the SSL context after connection creation has begun.

If the program modifies the SSL_CTX object after creating SSL objects from it, there is the possibility that older SSL objects created from the original context could all be affected by that change.
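One way to keep the context from changing once connections exist, shown as an added example that is not part of the CWE entry. It uses Python's ssl module, whose SSLContext wraps an OpenSSL SSL_CTX. The SealingSSLContext class, the list of guarded methods and the host name example.test are assumptions made for illustration.

```python
import ssl

class SealedContextError(RuntimeError):
    """Configuration change attempted after connection objects exist."""

# Methods of ssl.SSLContext that change the underlying SSL_CTX (list is an assumption).
MUTATORS = ("load_cert_chain", "load_verify_locations", "load_default_certs",
            "set_default_verify_paths", "set_ciphers", "set_alpn_protocols")

class SealingSSLContext(ssl.SSLContext):
    """Hypothetical wrapper: configure first, then create connections, never the reverse."""

    def _check(self, what):
        if vars(self).get("_sealed"):
            raise SealedContextError(f"{what} modified after connection creation")

    def __setattr__(self, name, value):      # verify_mode, check_hostname, options, ...
        self._check(name)
        super().__setattr__(name, value)

    def wrap_bio(self, *args, **kwargs):
        vars(self)["_sealed"] = True         # seal before the SSL object exists
        return super().wrap_bio(*args, **kwargs)

    def wrap_socket(self, *args, **kwargs):
        vars(self)["_sealed"] = True
        return super().wrap_socket(*args, **kwargs)

def _guarded(name):
    def method(self, *args, **kwargs):
        self._check(name)                    # refuse once sealed, else delegate
        return getattr(ssl.SSLContext, name)(self, *args, **kwargs)
    return method

for _name in MUTATORS:
    setattr(SealingSSLContext, _name, _guarded(_name))

def demo():
    ctx = SealingSSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2      # allowed: nothing created yet
    conn = ctx.wrap_bio(ssl.MemoryBIO(), ssl.MemoryBIO(), server_hostname="example.test")
    blocked = []
    for change in (lambda: setattr(ctx, "verify_mode", ssl.CERT_NONE),
                   lambda: setattr(ctx, "check_hostname", False),
                   lambda: ctx.load_verify_locations(cadata="constructed")):
        try:
            change()
        except SealedContextError as exc:
            blocked.append(str(exc))
    return ctx, conn, blocked
```

A process that needs different settings for later connections builds a second context and leaves the sealed one untouched.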

Modes of Introduction

Phase Note
Implementation REALIZATION: This weakness is caused during implementation of an architectural security tactic.

Relationships

View Weakness
# ID View Status # ID Name Abstraction Structure Status
CWE-1000 Research Concepts Draft CWE-666 Operation on Resource in Wrong Phase of Lifetime Class Simple Draft
CWE-1000 Research Concepts Draft CWE-1390 Weak Authentication Class Simple Incomplete

Common Attack Pattern Enumeration and Classification (CAPEC)

The Common Attack Pattern Enumeration and Classification (CAPEC™) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.

CAPEC at Mitre.org
# ID Name Weaknesses
CAPEC-94 Adversary in the Middle (AiTM) CWE-593