This vulnerability occurs when a class containing sensitive information, such as credentials or personal data, is made cloneable. Attackers can bypass normal initialization and access the sensitive data by creating a copy of the object.
When a class implements the Cloneable interface without proper safeguards, it effectively becomes an open book. The clone() method creates copies of the object without calling its constructor, so any code that holds a reference and can call clone() is able to duplicate the instance and directly access its internal, sensitive fields. This bypasses any security checks or initialization logic you might have placed in the constructor.

To prevent this, explicitly deny cloning for classes that handle sensitive data: declare a clone() method that throws a CloneNotSupportedException. This simple step keeps your object's internal state under the control of the constructor and prevents unintended data exposure through object duplication.
Impact: Bypass Protection Mechanism
A class that can be cloned can be produced without executing the constructor. This is dangerous since the constructor may perform security-related checks. By allowing the object to be cloned, those checks may be bypassed.
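The following is an added example (not code from the original page) that shows both halves of the issue in Java: a class that opts into Cloneable and so lets a caller obtain a copy without the constructor's authorization check ever running, and the hardened form that refuses cloning with a final clone() override that throws CloneNotSupportedException. The class names, the constructor's authorization flag and the sample password are all constructed for this illustration.

```java
// Added illustration of CWE-style "cloneable class holding sensitive data".
// Class names, the authorization flag and the sample secret are constructed
// for this example and are not part of the original page.

// Vulnerable: opts into Cloneable and exposes clone(). Object.clone() performs a
// shallow field copy and never invokes the constructor, so the authorization
// check below does not run for the copy, and the copy even shares the same
// char[] as the original (shallow copy aliases internal arrays).
class LeakyCredential implements Cloneable {
    private final char[] password;

    LeakyCredential(char[] password, boolean callerAuthorized) {
        if (!callerAuthorized) {
            throw new SecurityException("caller not authorized to hold credentials");
        }
        this.password = password.clone();   // defensive copy of the input
    }

    char[] getPassword() {
        return password;
    }

    // Making clone() public lets any code with a reference duplicate the object.
    @Override
    public Object clone() throws CloneNotSupportedException {
        return super.clone();
    }
}

// Hardened: does not implement Cloneable and overrides clone() as final so that
// neither this class nor any subclass can ever produce a copy. The constructor
// is therefore the only way to obtain an instance.
class GuardedCredential {
    private final char[] password;

    GuardedCredential(char[] password, boolean callerAuthorized) {
        if (!callerAuthorized) {
            throw new SecurityException("caller not authorized to hold credentials");
        }
        this.password = password.clone();
    }

    char[] getPassword() {
        return password;
    }

    @Override
    public final Object clone() throws CloneNotSupportedException {
        throw new CloneNotSupportedException("GuardedCredential must not be cloned");
    }
}

public class CloneableDemo {
    public static void main(String[] args) {
        // Constructed sample secret; the constructor check passes for the original.
        LeakyCredential original = new LeakyCredential("s3cr3t".toCharArray(), true);
        try {
            // No constructor, no authorization check: the copy appears regardless.
            LeakyCredential copy = (LeakyCredential) original.clone();
            System.out.println("Leaky copy obtained without constructor: "
                    + new String(copy.getPassword())
                    + " (same array as original: "
                    + (copy.getPassword() == original.getPassword()) + ")");
        } catch (CloneNotSupportedException e) {
            System.out.println("unexpected: " + e);
        }

        GuardedCredential guarded = new GuardedCredential("s3cr3t".toCharArray(), true);
        try {
            guarded.clone();
            System.out.println("unexpected: guarded object was cloned");
        } catch (CloneNotSupportedException e) {
            // This is the intended outcome for the hardened class.
            System.out.println("Guarded clone refused: " + e.getMessage());
        }
    }
}
```

Compile and run with `javac CloneableDemo.java && java CloneableDemo`. The first message shows the secret read out of a copy whose constructor never executed; the second shows the hardened class refusing the operation. Declaring the refusing clone() as final matters: without it a subclass could re-implement Cloneable and reopen the hole.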
Tags: java, Medium