CWE-558: Use of getlogin() in Multithreaded Application

The product uses the getlogin() function in a multithreaded context, potentially causing it to return incorrect values.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Variant

Abstraction

MITRE classification

Overview

The getlogin() function returns a pointer to a string that contains the name of the user associated with the calling process. The function is not reentrant, meaning that if it is called from another process, the contents are not locked out and the value of the string can be changed by another process. This makes it very risky to use because the username can be changed by other processes, so the results of the function cannot be trusted.

CWE-558: Use of getlogin() in Multithreaded Application

Overview

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

How to detect it

Automated Static Analysis

Code examples

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-558?

How do you prevent CWE-558?

How is CWE-558 detected?

What are the consequences of CWE-558?

References

Stay ahead of CWE-558

Overview

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

How to detect it

Automated Static Analysis

Code examples

Related weaknesses

Parent

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-558?

How do you prevent CWE-558?

How is CWE-558 detected?

What are the consequences of CWE-558?

References

Stay ahead of CWE-558