CWE-766: Critical Data Element Declared Public

CWE-766: Critical Data Element Declared Public | RadicalNotion.AI

Code examples

Illustrative examples from MITRE showing how the weakness appears in code.

The following example declares a critical variable public, making it accessible to anyone with access to the object in which it is contained.

Vulnerable example

cpp

public: char* password;

Safe example

cpp

private: char* password;

The following example shows a basic user account class that includes member variables for the username and password as well as a public constructor for the class and a public method to authorize access to the user account.

Vulnerable example

cpp

#define MAX_PASSWORD_LENGTH 15

Safe example

cpp

class UserAccount

However, the member variables username and password are declared public and therefore will allow access and changes to the member variables to anyone with access to the object. These member variables should be declared private as shown below to prevent unauthorized access and changes.

CWE-766: Critical Data Element Declared Public

Overview

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

How to detect it

Automated Static Analysis

Code examples

Illustrative examples

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-766?

How do you prevent CWE-766?

How is CWE-766 detected?

What are the consequences of CWE-766?

References

Stay ahead of CWE-766

Overview

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

How to detect it

Automated Static Analysis

Code examples

Illustrative examples

Related weaknesses

Parent

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-766?

How do you prevent CWE-766?

How is CWE-766 detected?

What are the consequences of CWE-766?

References

Stay ahead of CWE-766