← Cybersecurity Alphabet Soup

TOCTOU

Time-of-Check to Time-of-Use

attackshard

A Time-of-Check to Time-of-Use flaw is a race condition where a program checks a condition, like file permissions, and then acts on it, but the state changes in the gap between the check and the use. Attackers exploit that window, for example by swapping a file for a link to a sensitive one. TOCTOU bugs are a classic source of privilege escalation in operating systems.

Sources

More in attacks