The software declares a critical variable or field to be public when intended security policy requires it to be private.
Time of Introduction
Architecture and Design
Implementation
Applicable Platforms
Languages
C++
C#
Java
Common Consequences
Scope
Effect
Integrity
Confidentiality
Technical Impact: Read application
data; Modify application
data
Making a critical variable public allows anyone with access to the
object in which the variable is contained to alter or read the value.
Likelihood of Exploit
Low to Medium
Demonstrative Examples
Example 1
The following example declares a critical variable public, making it
accessible to anyone with access to the object in which it is
contained.
(Bad Code)
Example
Language: C++
public: char* password;
Instead, the critical data should be declared private.
(Good Code)
Example
Language: C++
private: char* password;
Even though this example declares the password to be private, there are other possible issues with this implementation, such as the possibility of recovering the password from process memory (CWE-257).
Example 2
The following example shows a basic user account class that includes
member variables for the username and password as well as a public
constructor for the class and a public method to authorize access to the
user account.
(Bad Code)
Example
Language: C++
#define MAX_PASSWORD_LENGTH 15
#define MAX_USERNAME_LENGTH 15
class UserAccount
{
public:
UserAccount(char *username, char *password)
{
if ((strlen(username) > MAX_USERNAME_LENGTH)
||
(strlen(password) > MAX_PASSWORD_LENGTH)) {
ExitError("Invalid username or password");
}
strcpy(this->username, username);
strcpy(this->password, password);
}
int authorizeAccess(char *username, char *password)
{
if ((strlen(username) > MAX_USERNAME_LENGTH) ||
(strlen(password) > MAX_PASSWORD_LENGTH)) {
ExitError("Invalid username or password");
}
// if the username and password in the input parameters
are equal to
// the username and password of this account class then
authorize access
if (strcmp(this->username, username) ||
strcmp(this->password, password))
return 0;
// otherwise do not authorize access
else
return 1;
}
char username[MAX_USERNAME_LENGTH+1];
char password[MAX_PASSWORD_LENGTH+1];
};
However, the member variables username and password are declared
public and therefore will allow access and changes to the member
variables to anyone with access to the object. These member variables
should be declared private as shown below to prevent unauthorized access
and changes.
variables declared public allows remote read of
system properties such as user name and home
directory.
Potential Mitigations
Phase: Implementation
Data should be private, static, and final whenever possible. This will
assure that your code is protected by instantiating early, preventing
access, and preventing tampering.
Description
