CWE
CWE/SANS Top 25 Most Dangerous Software Errors Common Weakness Scoring System
Common Weakness Risk Analysis Framework
Home > CWE List > CWE- Individual Dictionary Definition (2.1)  

CWE-453: Insecure Default Variable Initialization

 
Insecure Default Variable Initialization
Weakness ID: 453 (Weakness Base)Status: Draft
+ Description

Description Summary

The software, by default, initializes an internal variable with an insecure or less secure value than is possible.
+ Time of Introduction
  • Architecture and Design
  • Implementation
  • Operation
+ Applicable Platforms

Languages

PHP: (Sometimes)

All

+ Common Consequences
ScopeEffect
Integrity

Technical Impact: Modify application data

+ Potential Mitigations

Disable or change default settings when they can be used to abuse the system. Since those default settings are shipped with the product they are likely to be known by a potential attacker who is familiar with the product. For instance, default credentials should be changed or the associated accounts should be disabled.

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfCategoryCategory452Initialization and Cleanup Errors
Development Concepts (primary)699
ChildOfWeakness BaseWeakness Base665Improper Initialization
Research Concepts (primary)1000
+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
PLOVERInsecure default variable initialization
+ Maintenance Notes

This overlaps other categories, probably should be split into separate items.

+ Content History
Submissions
Submission DateSubmitterOrganizationSource
PLOVERExternally Mined
Modifications
Modification DateModifierOrganizationSource
2008-07-01Eric DalciCigitalExternal
updated Potential_Mitigations, Time_of_Introduction
2008-09-08CWE Content TeamMITREInternal
updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings
2010-06-21CWE Content TeamMITREInternal
updated Maintenance_Notes, Other_Notes
2011-06-01CWE Content TeamMITREInternal
updated Common_Consequences
Page Last Updated: September 12, 2011