CWE-224: Obscured Security-relevant Information by Alternate Name

Description

The product records security-relevant information according to an alternate name of the affected entity, instead of the canonical name.

Submission Date :

July 19, 2006, midnight

Modification Date :

2023-10-26 00:00:00+00:00

Organization :

MITRE
Example Vulnerable Codes

Example - 1

This code prints the contents of a file if a user has permission.


// //resolve file if its a symbolic link// 
$realFile = readlink($filename);

echo file_get_contents($realFile);return;

echo 'Access denied';writeLog($user . ' attempted to access the file '. $filename . ' on '. date('r'));$user = getCurrentUser();$realFile = $filename;if(is_link($filename)){}if(fileowner($realFile) == $user){}else{}function readFile($filename){}

While the code logs a bad access attempt, it logs the user supplied name for the file, not the canonicalized file name. An attacker can obscure their target by giving the script the name of a link to the file they are attempting to access. Also note this code contains a race condition between the is_link() and readlink() functions (CWE-363).

Related Weaknesses

This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.

Visit http://cwe.mitre.org/ for more details.

© cvefeed.io
Latest DB Update: Nov. 24, 2024 6:33