CWE-498: Cloneable Class Containing Sensitive Information

ID CWE-498
Abstraction Variant
Structure Simple
Status Draft
The code contains a class with sensitive data, but the class is cloneable. The data can then be accessed by cloning the class.

Cloneable classes are effectively open classes, since data cannot be hidden in them. Classes that do not explicitly deny cloning can be cloned by any other class without running the constructor.
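The following Java sketch is an added example, not part of the CWE entry. It shows a class that inherits a public `clone()` being copied, secret included, without its constructor running, next to a variant that explicitly denies cloning. The class names (`Record`, `Credential`, `SealedCredential`), the `constructorRuns` counter and the sample secret are constructed for illustration.

```java
import java.util.Arrays;

public class CloneExposureDemo {
    // Constructed stand-in for whatever check or audit hook the constructor performs.
    static int constructorRuns = 0;

    // Constructed base type: implementing Cloneable here makes every subclass cloneable.
    static class Record implements Cloneable {
        @Override
        public Object clone() throws CloneNotSupportedException {
            return super.clone(); // field-by-field copy; no constructor is invoked
        }
    }

    // Weak: holds sensitive data, inherits a public clone() and never denies it.
    static class Credential extends Record {
        private final char[] secret;

        Credential(char[] secret) {
            constructorRuns++;
            this.secret = secret.clone();
        }

        boolean matches(char[] candidate) {
            return Arrays.equals(secret, candidate);
        }
    }

    // Hardened: cloning is explicitly denied, and final so no subclass can re-enable it.
    static class SealedCredential extends Credential {
        SealedCredential(char[] secret) {
            super(secret);
        }

        @Override
        public final Object clone() throws CloneNotSupportedException {
            throw new CloneNotSupportedException("SealedCredential must not be cloned");
        }
    }

    public static void main(String[] args) throws Exception {
        char[] value = "constructed-sample-secret".toCharArray();

        Credential original = new Credential(value);
        Credential copy = (Credential) original.clone();
        System.out.println("objects: 2, constructor runs: " + constructorRuns);
        System.out.println("copy holds the secret: " + copy.matches(value));

        try {
            new SealedCredential(value).clone();
        } catch (CloneNotSupportedException e) {
            System.out.println("clone denied: " + e.getMessage());
        }
    }
}
```

Because `Object.clone()` copies fields shallowly, the clone also shares the same `char[]` as the original, so the secret is reachable through two objects at once.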

Modes of Introduction

Phase Note
Implementation

Applicable Platforms

Type | Class | Name | Prevalence
Language | | C++ |
Language | | Java |
Language | | C# |

Relationships

View ID | View | View Status | Weakness ID | Weakness Name | Abstraction | Structure | Status
CWE-1000 | Research Concepts | Draft | CWE-668 | Exposure of Resource to Wrong Sphere | Class | Simple | Draft
CWE-1000 | Research Concepts | Draft | CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor | Class | Simple | Draft