CWE-498: Cloneable Class Containing Sensitive Information

VariantDraftExploit Likelihood: Medium

The code contains a class with sensitive data, but the class is cloneable. The data can then be accessed by cloning the class.

View on MITRE

Back to CWE Lookup

Extended Description

Cloneable classes are effectively open classes, since data cannot be hidden in them. Classes that do not explicitly deny cloning can be cloned by any other class without running the constructor.

Technical Details

Structure: Simple

Applicable To

Languages

C++JavaC#

Platforms

Learn More

Find Related CVEs

Search for vulnerabilities that exploit CWE-498

CVE vs CWE: What's the Difference?

Understanding vulnerabilities vs weaknesses

Understanding CVSS Scoring

How vulnerability severity is measured

View Full MITRE Entry

Complete technical details and references