CWE-412
Unrestricted Externally Accessible Lock
The product properly checks for the existence of a lock, but the lock can be externally controlled or influenced by an actor that is outside of the intended sphere of control.
Mitigation
Phases: Architecture and Design, Implementation
Description:
- Use any access control offered by the functionality that provides the lock.
Mitigation
Phases: Architecture and Design, Implementation
Description:
- Use unpredictable names or identifiers for the locks. This might not always be possible or feasible.
Mitigation
Phase: Architecture and Design
Description:
- Consider modifying your code to use non-blocking synchronization methods.
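The first and third mitigations can be combined for a POSIX advisory file lock, shown here as an added example that is not part of the CWE entry. The names `open_private_lock`, `try_lock`, `unlock` and `app.lock` are assumptions made for illustration. The lock file sits in a directory only its owner can enter, and acquisition uses a non-blocking attempt with a deadline, so a lock held by another process causes a handled failure instead of an indefinite wait.

```python
import fcntl
import os
import stat
import time


def open_private_lock(lock_dir, name="app.lock"):
    """Open (creating if needed) a lock file that only the owner can reach."""
    os.makedirs(lock_dir, mode=0o700, exist_ok=True)
    st = os.lstat(lock_dir)  # lstat: a symlink planted at lock_dir is rejected
    if not stat.S_ISDIR(st.st_mode):
        raise PermissionError(f"{lock_dir} is not a real directory")
    if st.st_uid != os.geteuid() or st.st_mode & 0o077:
        # Another user could open the lock file and hold the lock forever.
        raise PermissionError(f"{lock_dir} is reachable by other users")
    flags = os.O_RDWR | os.O_CREAT | os.O_NOFOLLOW | os.O_CLOEXEC
    return os.open(os.path.join(lock_dir, name), flags, 0o600)


def try_lock(fd, timeout=2.0, poll=0.05):
    """Take an exclusive flock without ever blocking indefinitely."""
    deadline = time.monotonic() + timeout
    while True:
        try:
            fcntl.flock(fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
            return True
        except BlockingIOError:
            if time.monotonic() >= deadline:
                return False  # caller degrades or reports instead of hanging
            time.sleep(poll)


def unlock(fd):
    """Release the lock and close the descriptor."""
    fcntl.flock(fd, fcntl.LOCK_UN)
    os.close(fd)


if __name__ == "__main__":
    import tempfile
    base = tempfile.mkdtemp()  # constructed sample location
    fd = open_private_lock(os.path.join(base, "locks"))
    print("acquired:", try_lock(fd))
    unlock(fd)
```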
CAPEC-25: Forced Deadlock
The adversary triggers and exploits a deadlock condition in the target software to cause a denial of service. A deadlock can occur when two or more competing actions are waiting for each other to finish, and thus neither ever does. Deadlock conditions can be difficult to detect.