logo

CWE-498 - Cloneable Class Containing Sensitive Information

CWE-498 Medium

  • Abstraction:
  • Variant
  • Structure:
  • Simple
  • Status:
  • Draft
Weakness Name

Cloneable Class Containing Sensitive Information

Description

The code contains a class with sensitive data, but the class is cloneable. The data can then be accessed by cloning the class.

Cloneable classes are effectively open classes, since data cannot be hidden in them. Classes that do not explicitly deny cloning can be cloned by any other class without running the constructor.

Common Consequences

Scope: Access Control

Impact: Bypass Protection Mechanism

Notes: A class that can be cloned can be produced without executing the constructor. This is dangerous since the constructor may perform security-related checks. By allowing the object to be cloned, those checks may be bypassed.

Related Weaknesses

CWE-200Exposure of Sensitive Information to an Unauthorized ActorHigh

CWE-668Exposure of Resource to Wrong Sphere

  • Release Date:
  • 2006-07-19
  • Latest Modification Date:
  • 2023-06-29

Free security scan for your website