Description
The software, by default, initializes an internal variable with an insecure or less secure value than is possible.
Modes of Introduction:
– Architecture and Design
Related Weaknesses
Consequences
Integrity: Modify Application Data
An attacker could gain access to and modify sensitive data or system information.
Potential Mitigations
Phase: System Configuration
Description:
Disable or change default settings when they can be used to abuse the system. Since those default settings are shipped with the product, they are likely to be known by a potential attacker who is familiar with the product. For instance, default credentials should be changed or the associated accounts should be disabled.
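The weakness and the mitigation above, side by side, as an added example that is not taken from the weakness entry itself: a loader whose variables start permissive, a hardened loader whose variables start restrictive, and a startup check for defaults that were never changed. The setting names, the `Settings` class and the credential pairs are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample of credential pairs "shipped with the product".
SHIPPED_DEFAULTS = {("admin", "admin"), ("guest", "guest")}


@dataclass
class Settings:
    # Secure defaults: every field starts at its most restrictive value,
    # so a missing or malformed config entry cannot widen access.
    debug: bool = False
    allow_anonymous: bool = False
    tls_required: bool = True
    admin_user: str = ""       # empty credentials mean the account is disabled
    admin_password: str = ""


def insecure_load(cfg: dict) -> dict:
    """The weakness: variables start permissive and are only tightened
    if the operator happens to supply the key."""
    state = {"debug": True, "allow_anonymous": True, "tls_required": False}
    state.update({k: v for k, v in cfg.items() if k in state})
    return state


def secure_load(cfg: dict) -> Settings:
    """Start from restrictive defaults; accept only known keys whose value
    has the expected type, otherwise keep the safe default."""
    s = Settings()
    for key, value in cfg.items():
        if hasattr(s, key) and isinstance(value, type(getattr(s, key))):
            setattr(s, key, value)
    return s


def admin_enabled(s: Settings) -> bool:
    return bool(s.admin_user and s.admin_password)


def startup_findings(s: Settings) -> list[str]:
    """Checks to run before serving: defaults an attacker would already know."""
    findings = []
    if admin_enabled(s) and (s.admin_user, s.admin_password) in SHIPPED_DEFAULTS:
        findings.append("admin account still uses shipped default credentials")
    if not s.tls_required:
        findings.append("tls_required was explicitly turned off")
    return findings
```

With an empty configuration, `insecure_load` leaves debug and anonymous access on, while `secure_load` leaves them off and keeps the admin account disabled until credentials are set.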