CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints


This vulnerability types describes a case where software establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint.

An attacker can perform a spoofing attack and gain unauthorized access to the software that is prone to this vulnerability.

Latest vulnerabilities for CWE-923


Description of CWE-923 on Mitre website