Access to Critical Private Variable via Public Method

Description

This vulnerability occurs when a class exposes a public method that directly accesses or alters a private variable.

Extended Description

Exposing a private variable through a public method breaks a core principle of encapsulation. It allows external code, including potential attacker-controlled inputs, to bypass intended controls and directly manipulate sensitive internal data. This can lead to the variable holding values the rest of the codebase never expects, corrupting the application's state and violating critical security assumptions. Beyond unexpected modification, this flaw can also lead to information disclosure. An attacker might use the public method to read the private variable's contents, potentially leaking sensitive data like internal flags, cryptographic keys, or user information. This exposed data not only compromises confidentiality but can also provide attackers with the insights needed to craft more sophisticated and targeted follow-up attacks.

Common Consequences 1

Scope: IntegrityOther

Impact: Modify Application DataOther

Potential Mitigations 1

Phase: Implementation

Use class accessor and mutator methods appropriately. Perform validation when accepting data from a public method that is intended to modify a critical private variable. Also be sure that appropriate access controls are being applied when a public method interfaces with critical data.

Demonstrative Examples 2

The following example declares a critical variable to be private, and then allows the variable to be modified by public methods.

Code Example:Bad
C++
c++

The following example could be used to implement a user forum where a single user (UID) can switch between multiple profiles (PID).

Code Example:Bad
Java
java

The programmer implemented setPID with the intention of modifying the PID variable, but due to a typo. accidentally specified the critical variable UID instead. If the program allows profile IDs to be between 1 and 10, but a UID of 1 means the user is treated as an admin, then a user could gain administrative privileges as a result of this typo.

Applicable Platforms

Languages:

C++ : UndeterminedC# : UndeterminedJava : Undetermined

Modes of Introduction

Implementation

Related Weaknesses

ChildOf:

Exposure of Resource to Wrong Sphere (CWE-668)

Taxonomy Mapping

CLASP
Software Fault Patterns
SEI CERT Perl Coding Standard

Notes

MaintenanceThis entry is closely associated with access control for public methods. If the public methods are restricted with proper access controls, then the information in the private variable will not be exposed to unexpected parties. There may be chaining or composite relationships between improper access controls and this weakness.