CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints
Description
This vulnerability types describes a case where software establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint.
An attacker can perform a spoofing attack and gain unauthorized access to the software that is prone to this vulnerability.