CWE-593: Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created
Field | Value |
---|---|
ID | CWE-593 |
Abstraction | Variant |
Structure | Simple |
Status | Draft |
The product modifies the SSL context after connection creation has begun.
If the program modifies the SSL_CTX object after creating SSL objects from it, older SSL objects created from the original context could all be affected by that change.
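One application-side guard against this weakness, as an added example that is not part of the CWE entry: it uses Python's standard `ssl` module, whose `SSLContext` wraps an OpenSSL `SSL_CTX` and whose `SSLObject` wraps an `SSL`. `SealingContext`, `ContextSealedError` and the host name `example.test` are hypothetical names chosen for illustration; the context refuses reconfiguration once the first connection object exists, so a different policy requires building a new context.

```python
import ssl

class ContextSealedError(RuntimeError):
    """Raised on an attempt to reconfigure a context that already has connections."""

# Inherited methods that change context-wide state (hypothetical guard list).
_MUTATORS = ("load_verify_locations", "load_cert_chain", "load_default_certs",
             "set_default_verify_paths", "set_ciphers", "set_alpn_protocols")

class SealingContext(ssl.SSLContext):
    """SSLContext (OpenSSL SSL_CTX) that becomes read-only once the first
    connection object (OpenSSL SSL) has been created from it."""
    _sealed = False

    def _check(self, what):
        if self._sealed:
            raise ContextSealedError(f"{what}: context in use; build a new one")

    def __setattr__(self, name, value):
        # Covers verify_mode, check_hostname, options, minimum_version, ...
        self._check(f"set {name}")
        super().__setattr__(name, value)

    def wrap_bio(self, *args, **kwargs):
        object.__setattr__(self, "_sealed", True)  # seal before the SSL is created
        return super().wrap_bio(*args, **kwargs)

    def wrap_socket(self, *args, **kwargs):
        object.__setattr__(self, "_sealed", True)
        return super().wrap_socket(*args, **kwargs)

def _guarded(name):
    def method(self, *args, **kwargs):
        self._check(name)
        return getattr(ssl.SSLContext, name)(self, *args, **kwargs)
    return method

for _name in _MUTATORS:
    setattr(SealingContext, _name, _guarded(_name))

def demo():
    ctx = SealingContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # allowed: no connections yet
    conn = ctx.wrap_bio(ssl.MemoryBIO(), ssl.MemoryBIO(),
                        server_hostname="example.test")  # constructed name, no network
    blocked = 0
    for change in (lambda: setattr(ctx, "verify_mode", ssl.CERT_NONE),
                   lambda: ctx.set_ciphers("DEFAULT")):
        try:
            change()
        except ContextSealedError:
            blocked += 1
    return conn, ctx.verify_mode, blocked
```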
Modes of Introduction
Phase | Note |
---|---|
Implementation | REALIZATION: This weakness is caused during implementation of an architectural security tactic. |
Common Attack Pattern Enumeration and Classification (CAPEC)
The Common Attack Pattern Enumeration and Classification (CAPEC™) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.
CAPEC at Mitre.org