CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints


This vulnerability type describes a case where software establishes a communication channel to (or from) an endpoint for privileged or protected operations but does not properly ensure that it is communicating with the correct endpoint.

An attacker can perform a spoofing attack and gain unauthorized access to the software that is prone to this vulnerability.
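One common instance of this weakness is a TLS client that encrypts the channel without authenticating the peer. The following added example (not part of the original entry) contrasts such a configuration with a hardened one and refuses to open a privileged channel when the endpoint cannot be verified; the function names and the host name are hypothetical.

```python
import socket
import ssl


def weak_context():
    """Encrypts traffic but never checks who is on the other end."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE  # any certificate, from anyone, is accepted
    return ctx


def hardened_context():
    """Requires a trusted certificate that matches the requested host name."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def endpoint_findings(ctx):
    """Return the reasons this context cannot authenticate the remote endpoint."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate not required")
    if not ctx.check_hostname:
        findings.append("host name not checked against certificate")
    return findings


def open_privileged_channel(host, port, ctx):
    """Connect only if the context is able to prove the peer is `host`."""
    findings = endpoint_findings(ctx)
    if findings:
        # Fail closed before any bytes are sent to an unverified endpoint.
        raise ValueError("refusing channel to %s: %s" % (host, "; ".join(findings)))
    raw = socket.create_connection((host, port), timeout=5)
    # server_hostname drives both SNI and the certificate host name check.
    return ctx.wrap_socket(raw, server_hostname=host)


if __name__ == "__main__":
    for name, ctx in (("weak", weak_context()), ("hardened", hardened_context())):
        print(name, endpoint_findings(ctx) or "endpoint is authenticated")
```
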

