Read Time:33 Second

Description

The software, by default, initializes an internal variable with an insecure or less secure value than is possible.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-1188

 

Consequences

Integrity: Modify Application Data

An attacker could gain access to and modify sensitive data or system information.

 

Potential Mitigations

Phase: System Configuration

Description: 

Disable or change default settings when they can be used to abuse the system. Since those default settings are shipped with the product they are likely to be known by a potential attacker who is familiar with the product. For instance, default credentials should be changed or the associated accounts should be disabled.

CVE References