The product opens an alternate channel to communicate with an authorized user, but the channel is accessible to other actors.
View on MITREThis creates a race condition that allows an attacker to access the channel before the authorized user does.
No mitigation information available for this CWE.
No detection method information available for this CWE.
FTP "Pizza Thief" vulnerability. Attacker can connect to a port that was intended for use by another client.
View DetailsProduct creates Windows named pipe during authentication that another attacker can hijack by connecting to it.
View DetailsNo relationship information available for this CWE.
CWE-421: Race Condition During Access to Alternate Channel is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product opens an alternate channel to communicate with an authorized user, but the channel is accessible to other actors. This creates a race condition that allows an attacker to access the channel before the authorized user does.
If exploited, CWE-421 (Race Condition During Access to Alternate Channel) it can compromise Access Control, leading to outcomes such as Gain Privileges or Assume Identity and Bypass Protection Mechanism.
CWE-421 commonly affects Not Language-Specific. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.
MITRE documents real CVEs mapped to CWE-421, including CVE-1999-0351 and CVE-2003-0230. You can look up the full details of each CVE, including CVSS scores and remediation guidance, on our CVE Lookup tool.
A CWE (Common Weakness Enumeration) like CWE-421 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.