Race Condition Vulnerability
What is a Race Condition Vulnerability?
A race condition is a flaw that produces an unexpected result when the timing of actions impacts other actions. An example can be seen in a multithreaded application where actions are performed on the same data. Where a race condition vulnerability exists, an attacker may be able to trick the system into carrying out unauthorized actions in addition to its normal processes.
For example, before allowing someone to log in, a security system first receives their username and password and then checks them against a database before allowing access. Attackers can exploit this sequence of steps by interfering with the processes to access secure areas and content, in what's known as a race condition attack.
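The multithreaded case described above, as an added example that is not from the original article: two threads withdraw from the same account, first with a separate check and update, then with both steps under one lock. The names `Account`, `withdraw_racy`, `withdraw_locked` and `run` are hypothetical, and a barrier is used as a stand-in for the timing gap so the outcome is reproducible.

```python
import threading

AMOUNT = 100  # constructed sample value: opening balance and size of each withdrawal

class Account:
    def __init__(self, balance):
        self.balance = balance
        self._lock = threading.Lock()
        # Stand-in for the timing window between "check" and "act".
        self._gap = threading.Barrier(2)

    def _window(self):
        # Wait for the other thread to pass its check; give up after 0.5 s if it cannot.
        try:
            self._gap.wait(timeout=0.5)
        except threading.BrokenBarrierError:
            pass

    def withdraw_racy(self, amount):
        if self.balance >= amount:       # check
            self._window()               # other thread runs its check here
            self.balance -= amount       # act on a now-stale check
            return True
        return False

    def withdraw_locked(self, amount):
        with self._lock:                 # check and act form one critical section
            if self.balance >= amount:
                self._window()
                self.balance -= amount
                return True
            return False

def run(method_name):
    """Run two concurrent withdrawals; return (final balance, approvals)."""
    acct = Account(AMOUNT)
    results = []
    def worker():
        results.append(getattr(acct, method_name)(AMOUNT))
    threads = [threading.Thread(target=worker) for _ in range(2)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return acct.balance, results.count(True)

if __name__ == "__main__":
    print("racy  :", run("withdraw_racy"))
    print("locked:", run("withdraw_locked"))
```

In the racy run both withdrawals are approved against a balance that covers only one; with the lock, the second caller's check sees the updated balance and is refused.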
How can race condition vulnerabilities be exploited?
There are two main ways this attack is carried out:
- Interference by an untrusted process — The attacker inserts a piece of code in between the steps of a secure process.
- Interference by a trusted process — The attacker exploits two different processes that share some state in common.
Example 1:
Client-side actions-