Read Time:38 Second
Description
The software declares a critical variable, field, or member to be public when intended security policy requires it to be private.
Modes of Introduction:
– Architecture and Design
Likelihood of Exploit:
Related Weaknesses
Consequences
Integrity, Confidentiality: Read Application Data, Modify Application Data
Making a critical variable public allows anyone with access to the object in which the variable is contained to alter or read the value.
Other: Reduce Maintainability
Potential Mitigations
Phase: Implementation
Effectiveness:
Description:
Data should be private, static, and final whenever possible. This will assure that your code is protected by instantiating early, preventing access, and preventing tampering.
CVE References
- CVE-2010-3860
- variables declared public allows remote read of system properties such as user name and home directory.