Description
This vulnerability type describes a case where software establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint.
An attacker can perform a spoofing attack and gain unauthorized access to the software that is prone to this vulnerability.
Latest vulnerabilities for CWE-923
References
Description of CWE-923 on the MITRE website