CWE-1188: Initialization of a Resource with an Insecure Default

BaseIncomplete

The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.

View on MITRE

Back to CWE Lookup

Extended Description

Developers often choose default values that leave the product as open and easy to use as possible out-of-the-box, under the assumption that the administrator can (or should) change the default value. However, this ease-of-use comes at a cost when the default is insecure and the administrator does not change it.

Technical Details

Structure: Simple

Applicable To

Languages

Platforms

Learn More

Find Related CVEs

Search for vulnerabilities that exploit CWE-1188

CVE vs CWE: What's the Difference?

Understanding vulnerabilities vs weaknesses

Understanding CVSS Scoring

How vulnerability severity is measured

View Full MITRE Entry

Complete technical details and references