Description
The software defines a public method that reads or modifies a private variable.
If an attacker modifies the variable to contain unexpected values, this could violate assumptions from other parts of the code. Additionally, if an attacker can read the private variable, it may expose sensitive information or make it easier to launch further attacks.
Modes of Introduction:
– Architecture and Design
Likelihood of Exploit:
Related Weaknesses
CWE-668
Consequences
Integrity, Other: Modify Application Data, Other
Potential Mitigations
Phase: Implementation
Effectiveness:
Description:
Use class accessor and mutator methods appropriately. Perform validation when accepting data from a public method that is intended to modify a critical private variable. Also be sure that appropriate access controls are being applied when a public method interfaces with critical data.
CVE References
