CWE-453

Insecure Default Variable Initialization

The product, by default, initializes an internal variable with an insecure or less secure value than is possible.

Mitigation

Phase: System Configuration

Description:

  • Disable or change default settings when they can be used to abuse the system. Since those default settings are shipped with the product, they are likely to be known by a potential attacker who is familiar with the product. For instance, default credentials should be changed or the associated accounts should be disabled.
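The following is an added example, not part of the CWE entry: a settings loader whose variables are initialized to the most restrictive value, plus a startup audit that enforces the mitigation above by refusing to run while a shipped default is still active. All names (`Settings`, `SHIPPED_INSECURE`, `audit`, `start`) and the sample values are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, fields
from typing import List, Optional

# Constructed stand-ins for insecure values a product might ship with.
SHIPPED_INSECURE = {"admin_password": "admin", "debug": True, "allow_anonymous": True}


@dataclass
class Settings:
    # Fail-closed initial values: every feature stays off until an operator
    # sets it explicitly, so a missing or partial config is the safe case.
    admin_enabled: bool = False
    admin_password: Optional[str] = None
    debug: bool = False
    allow_anonymous: bool = False


def load_settings(overrides: dict) -> Settings:
    """Apply operator-supplied values on top of the fail-closed defaults."""
    unknown = set(overrides) - {f.name for f in fields(Settings)}
    if unknown:
        raise KeyError(f"unknown settings: {sorted(unknown)}")
    return Settings(**overrides)


def audit(settings: Settings) -> List[str]:
    """Return findings for values that still match a shipped insecure default."""
    findings = []
    for name in ("debug", "allow_anonymous"):
        if getattr(settings, name) == SHIPPED_INSECURE[name]:
            findings.append(f"{name} matches shipped default")
    # A default credential only matters while its account is enabled:
    # the mitigation allows either changing it or disabling the account.
    if settings.admin_enabled:
        if not settings.admin_password:
            findings.append("admin_enabled without a password")
        elif settings.admin_password == SHIPPED_INSECURE["admin_password"]:
            findings.append("admin_password matches shipped default")
    return findings


def start(overrides: dict) -> Settings:
    """Refuse to start while any audit finding is open."""
    settings = load_settings(overrides)
    findings = audit(settings)
    if findings:
        raise RuntimeError("; ".join(findings))
    return settings
```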

No CAPEC attack patterns related to this CWE.
