C/C++

C or C++ : Predictable mkstemp filename

Classification

Overview

Using mkstemp with a template string that contains fewer than six “X” characters is insecure. This function creates a temporary file with a unique name. The number of “X” characters in the string argument specifies the number of random characters in the file name. If the argument contains fewer than six “X” characters, the call is insecure. The same applies to mkstemps and mkdtemp.
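The following C sketch is an added example, not DerScanner's or any library's own code. It shows a short template next to a six-“X” one and a guard that refuses the short form before the file is created. The names `trailing_x` and `checked_mkstemp` and the `/tmp/report-…` paths are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L /* expose mkstemp() under strict -std=c11 */
#endif
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Length of the run of 'X' characters that ends the template. */
static size_t trailing_x(const char *tmpl)
{
    size_t len = strlen(tmpl), run = 0;
    while (run < len && tmpl[len - 1 - run] == 'X')
        run++;
    return run;
}

/* Hypothetical wrapper (name is an assumption): reject any template with
 * fewer than six trailing 'X' characters before it reaches mkstemp(), so
 * a predictable name is never used to create the file. */
int checked_mkstemp(char *tmpl)
{
    if (tmpl == NULL || trailing_x(tmpl) < 6) {
        errno = EINVAL;
        return -1;
    }
    return mkstemp(tmpl); /* fills in the X's and opens the new file */
}

int main(void)
{
    char weak[] = "/tmp/report-XXX";    /* constructed: 3 placeholders */
    char good[] = "/tmp/report-XXXXXX"; /* constructed: 6 placeholders */

    if (checked_mkstemp(weak) == -1)
        printf("rejected %s (%zu trailing X)\n", weak, trailing_x(weak));

    int fd = checked_mkstemp(good);
    if (fd == -1) {
        perror("mkstemp");
        return 1;
    }
    printf("created %s\n", good);
    close(fd);
    unlink(good); /* remove the demo file */
    return 0;
}
```

glibc already fails a template that does not end in six “X” characters with EINVAL; the explicit check gives the same result on C libraries that accept a shorter run.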

MEDIUM

DerScanner Severity Score
