CWE-766
Critical Data Element Declared Public
AI Translation Available
The product declares a critical variable, field, or member to be public when intended security policy requires it to be private.
Status
incomplete
Abstraction
base
Affected Platforms
C#
C++
Java
Extended Description
AI Translation
This issue makes it more difficult to maintain the product, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities.
Technical Details
AI Translation
Common Consequences
integrity
confidentiality
other
Impacts
read application data
modify application data
reduce maintainability
Detection Methods
automated static analysis
Potential Mitigations
Phases:
implementation
Descriptions:
•
Data should be private, static, and final whenever possible. This will assure that your code is protected by instantiating early, preventing access, and preventing tampering.