logo

CWE-454 - External Initialization of Trusted Variables or Data Stores

CWE-454

  • Abstraction:
  • Base
  • Structure:
  • Simple
  • Status:
  • Draft
Weakness Name

External Initialization of Trusted Variables or Data Stores

Description

The product initializes critical internal variables or data stores using inputs that can be modified by untrusted actors.

A product system should be reluctant to trust variables that have been initialized outside of its trust boundary, especially if they are initialized by users. The variables may have been initialized incorrectly. If an attacker can initialize the variable, then they can influence what the vulnerable system will do.

Common Consequences

Scope: Integrity

Impact: Modify Application Data

Notes: An attacker could gain access to and modify sensitive data or system information.

Related Weaknesses
  • Release Date:
  • 2006-07-19
  • Latest Modification Date:
  • 2023-10-26

Free security scan for your website