CWE-453
Insecure Default Variable Initialization
The product, by default, initializes an internal variable with an insecure or less secure value than is possible.
Mitigation
Phase: System Configuration
Description:
- Disable or change default settings when they can be used to abuse the system. Because those default settings are shipped with the product, they are likely to be known by a potential attacker who is familiar with the product. For instance, default credentials should be changed or the associated accounts should be disabled.
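The following Python sketch is an added example, not part of the CWE entry. It contrasts insecure initial values with fail-closed ones and audits a configuration for shipped defaults still in effect. The setting names and the values in SHIPPED_DEFAULTS are constructed for illustration.

```python
import hmac
from dataclasses import dataclass
from typing import Optional

# Constructed stand-ins for the values a product ships with (hypothetical).
SHIPPED_DEFAULTS = {"admin_password": "admin", "debug": True, "require_auth": False}


@dataclass
class InsecureSettings:
    # CWE-453 pattern: an operator who sets nothing gets the weakest posture.
    admin_password: Optional[str] = "admin"
    debug: bool = True
    require_auth: bool = False


@dataclass
class HardenedSettings:
    # Secure initial values: no usable credential, debug off, auth required.
    admin_password: Optional[str] = None
    debug: bool = False
    require_auth: bool = True


def load(cls, overrides):
    """Build settings from operator overrides, rejecting unknown keys."""
    unknown = set(overrides) - set(cls.__dataclass_fields__)
    if unknown:
        raise ValueError(f"unknown settings: {sorted(unknown)}")
    return cls(**overrides)


def audit(settings):
    """Return the names of settings still equal to a shipped default."""
    return sorted(name for name, shipped in SHIPPED_DEFAULTS.items()
                  if getattr(settings, name) == shipped)


def admin_login_allowed(settings, supplied):
    """An unset password disables the account; it never matches any input."""
    if settings.admin_password is None:
        return False
    return hmac.compare_digest(settings.admin_password.encode(), supplied.encode())
```

Running audit() at startup and refusing to serve while it returns anything turns the mitigation above into an enforced check.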
No CAPEC attack patterns related to this CWE.