Category: Initialization and Cleanup Errors

Draft
Summary

Weaknesses in this category occur in behaviors that are used for initialization and breakdown.

Membership

| ID | Name | Description |
|---|---|---|
| CWE-1051 | Initialization with Hard-Coded Network Resource Configuration Data | The product initializes data using hard-coded values that act as network resource identifiers. |
| CWE-1052 | Excessive Use of Hard-Coded Literals in Initialization | The product initializes a data element using a hard-coded literal that is not a simple integer or static constant element. |
| CWE-1188 | Initialization of a Resource with an Insecure Default | The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure. |
| CWE-212 | Improper Removal of Sensitive Information Before Storage or Transfer | The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors. |
| CWE-454 | External Initialization of Trusted Variables or Data Stores | The product initializes critical internal variables or data stores using inputs that can be modified by untrusted actors. |
| CWE-455 | Non-exit on Failed Initialization | The product does not exit or otherwise modify its operation when security-relevant errors occur during initialization, such as when a configuration file has a format error or a hardware security module (HSM) cannot be activated, which can cause the product to execute in a less secure fashion than intended by the administrator. |
| CWE-459 | Incomplete Cleanup | The product does not properly "clean up" and remove temporary or supporting resources after they have been used. |
| CWE-699 | Software Development | This view organizes weaknesses around concepts that are frequently used or encountered in software development. This includes all aspects of the software development lifecycle including both architecture and implementation. Accordingly, this view can align closely with the perspectives of architects, developers, educators, and assessment vendors. It provides a variety of categories that are intended to simplify navigation, browsing, and mapping. |

Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.