Access to Critical Private Variable via Public Method
Incomplete Base
Structure: Simple
Description
The product defines a public method that reads or modifies a private variable.
If an attacker modifies the variable to contain unexpected values, this could violate assumptions from other parts of the code. Additionally, if an attacker can read the private variable, it may expose sensitive information or make it easier to launch further attacks.
Common Consequences 1
Scope: IntegrityOther
Impact: Modify Application DataOther
Potential Mitigations 1
Phase: Implementation
Use class accessor and mutator methods appropriately. Perform validation when accepting data from a public method that is intended to modify a critical private variable. Also be sure that appropriate access controls are being applied when a public method interfaces with critical data.
Demonstrative Examples 2
The following example declares a critical variable to be private, and then allows the variable to be modified by public methods.
Code Example:
Bad
C++
c++The following example could be used to implement a user forum where a single user (UID) can switch between multiple profiles (PID).
Code Example:
Bad
Java
javaThe programmer implemented setPID with the intention of modifying the PID variable, but due to a typo. accidentally specified the critical variable UID instead. If the program allows profile IDs to be between 1 and 10, but a UID of 1 means the user is treated as an admin, then a user could gain administrative privileges as a result of this typo.
Applicable Platforms
Languages:
C++ : UndeterminedC# : UndeterminedJava : Undetermined
Modes of Introduction
Implementation
Related Weaknesses
Taxonomy Mapping
- CLASP
- Software Fault Patterns
- SEI CERT Perl Coding Standard
Notes
MaintenanceThis entry is closely associated with access control for public methods. If the public methods are restricted with proper access controls, then the information in the private variable will not be exposed to unexpected parties. There may be chaining or composite relationships between improper access controls and this weakness.