Weaknesses in this category occur in behaviors that are used for initialization and breakdown.

| ID | Name | Description |
|---|---|---|
| CWE-1051 | Initialization with Hard-Coded Network Resource Configuration Data | This vulnerability occurs when software uses fixed, hard-coded values—like IP addresses, domain names, or URLs—to identify network resources during its startup or configuration phase. |
| CWE-1052 | Excessive Use of Hard-Coded Literals in Initialization | This weakness occurs when software initializes variables or data structures using hard-coded values (like strings, file paths, or network addresses) instead of configurable constants or parameters. While simple numbers or true constants are acceptable, embedding non-trivial literals directly in code creates maintenance and security risks. |
| CWE-1188 | Initialization of a Resource with an Insecure Default | This vulnerability occurs when software uses an insecure default setting or value for a resource, assuming an administrator will change it later. |
| CWE-212 | Improper Removal of Sensitive Information Before Storage or Transfer | This vulnerability occurs when an application stores or transmits a resource containing sensitive data without properly cleaning it first, potentially exposing that information to unauthorized parties. |
| CWE-454 | External Initialization of Trusted Variables or Data Stores | This vulnerability occurs when an application sets up its critical internal variables or storage systems using data from untrusted, external sources that an attacker could control. |
| CWE-455 | Non-exit on Failed Initialization | This vulnerability occurs when software continues to run as normal after encountering a critical security failure during its startup process. Instead of halting or entering a safe mode, the application proceeds with weakened or missing security controls, leaving it exposed. |
| CWE-459 | Incomplete Cleanup | This vulnerability occurs when an application fails to properly remove temporary files, data structures, or system resources after they are no longer needed. |
| CWE-699 | Software Development | This view organizes weaknesses around concepts that are frequently used or encountered in software development. This includes all aspects of the software development lifecycle including both architecture and implementation. Accordingly, this view can align closely with the perspectives of architects, developers, educators, and assessment vendors. It provides a variety of categories that are intended to simplify navigation, browsing, and mapping. |