Reliance on Package-level Scope
This weakness occurs when a Java application mistakenly treats package-level access as a security boundary, assuming it can prevent unauthorized access to code.
In Java, the package-private scope (declared without `public`, `protected`, or `private`) is a development convenience, not a security feature. Its primary role is to organize code and prevent accidental coupling between unrelated parts of the application within the same program. However, because Java packages are not sealed or closed environments, other code can easily be placed in the same package—either intentionally or through classpath manipulation—to bypass this access restriction. Relying on package scope for security creates a false sense of protection. Attackers or malicious code can exploit this by defining classes within the targeted package, gaining full access to package-private members. For true access control, developers should use the Security Manager, proper module boundaries (Java Platform Module System), or explicit security checks, rather than depending on visibility modifiers alone.
Impact: Read Application Data
Any data in a Java package can be accessed outside of the Java framework if the package is distributed.
Impact: Modify Application Data
The data in a Java class can be modified by anyone outside of the Java framework if the packages is distributed.
Code Example:
javaMedium
- CLASP
- The CERT Oracle Secure Coding Standard for Java (2011)