CWE-1097: Persistent Storable Data Element without Associated Comparison Control Element
The product uses a storable data element that does not have all of the associated functions or methods that are necessary to support comparison.
Last updated
Overview
CWE-1097 (Persistent Storable Data Element without Associated Comparison Control Element) is a base-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Background
For example, with Java, a class that is made persistent requires both hashCode() and equals() methods to be defined.
Common consequences
What can happen when CWE-1097 is exploited.
Reduce Reliability
Affects: Other
This issue can prevent the product from running reliably, due to incorrect or unexpected comparison results. If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability.
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.