Open
Description
On Windows, the ACL for IPC endpoints defaults to allowing access to all users, which is insecure. They should only allow access to the user running the server. Similarly, the client must check that the server named pipe is owned by the client’s user or the system administrator, and must ensure that the security quality of service is limited to Identification.