Description
A constant symbolic reference to an object is used, even though the reference can resolve to a different object over time.
Potential Impact
Access Control
Gain Privileges or Assume Identity
Integrity, Confidentiality, Other
Modify Application Data, Modify Files or Directories, Read Application Data, Read Files or Directories, Other
Integrity, Other
Modify Application Data, Other
Non-Repudiation
Hide Activities
Non-Repudiation, Integrity
Modify Files or Directories
Related Weaknesses
Taxonomy Mappings
- CLASP: — Symbolic name not mapping to correct object
Frequently Asked Questions
What is CWE-386?
CWE-386 (Symbolic Name not Mapping to Correct Object) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. A constant symbolic reference to an object is used, even though the reference can resolve to a different object over time.
How can CWE-386 be exploited?
Attackers can exploit CWE-386 (Symbolic Name not Mapping to Correct Object) to gain privileges or assume identity. This weakness is typically introduced during the Architecture and Design, Implementation phase of software development.
How do I prevent CWE-386?
Follow secure coding practices, conduct code reviews, and use automated security testing tools (SAST/DAST) to detect this weakness early in the development lifecycle.
What is the severity of CWE-386?
CWE-386 is classified as a Base-level weakness (Medium abstraction). Its actual severity depends on the specific context and how the weakness manifests in your application.