Insufficient Encapsulation
Weakness ID: 485 (Weakness Class)
Status: Draft
+ Description

Description Summary

The product does not sufficiently encapsulate critical data or functionality.

Extended Description

Encapsulation is about drawing strong boundaries. In a web browser that might mean ensuring that your mobile code cannot be abused by other mobile code. On the server it might mean differentiation between validated data and unvalidated data, between one user's data and another's, or between data users are allowed to see and data that they are not.

+ Terminology Notes

The "encapsulation" term is used in multiple ways. WIthin some security sources, the term is used to describe the establishment of boundaries between different control spheres. Within general computing circles, it is more about hiding implementation details and maintainability than security. Even within the security usage, there is also a question of whether "encapsulation" encompasses the entire range

+ Time of Introduction
  • Architecture and Design
  • Implementation
+ Potential Mitigations

Implement appropriate encapsulation to protect critical data or functionality.
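
The following Java program is an added illustration, not part of the CWE entry, of what "appropriate encapsulation" means in practice for two of the child weaknesses listed under Relationships: a private array returned from a public method (CWE-495) and public data assigned to a private array field (CWE-496). The class names, the "admin" role and the input data are invented for the example. The weak class declares its state private but hands out and accepts aliases to it, so an authorization decision based on that state can change without any call to the class; the hardened class enforces the boundary with a final field, defensive copies on the way in and out, and a read-only view.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

// Constructed example for CWE-485 (Insufficient Encapsulation).
// WeakRoleSet shows CWE-495/CWE-496 aliasing; RoleSet is the hardened form.
// Class and role names are hypothetical.

// Weak encapsulation: the "private" array stays reachable through aliases.
final class WeakRoleSet {
    private String[] roles;                 // private, but aliased below

    WeakRoleSet(String[] roles) {
        this.roles = roles;                 // CWE-496: caller keeps a reference to our state
    }

    public String[] getRoles() {
        return roles;                       // CWE-495: the internal array itself is handed out
    }

    public boolean isAdmin() {
        return Arrays.asList(roles).contains("admin");
    }
}

// Hardened form: final field, copy in, copy out, read-only view.
// Callers get the data; they never get the storage.
final class RoleSet {
    private final String[] roles;

    RoleSet(String[] roles) {
        this.roles = roles.clone();         // the caller's array is not our state
    }

    public List<String> getRoles() {
        // Copy, then wrap: neither the array nor the list can modify the field.
        return Collections.unmodifiableList(Arrays.asList(roles.clone()));
    }

    public boolean isAdmin() {
        return Arrays.asList(roles).contains("admin");
    }
}

public class EncapsulationDemo {
    public static void main(String[] args) {
        // Weak class: state changes without any method of the class being called.
        String[] input = {"viewer"};
        WeakRoleSet weak = new WeakRoleSet(input);
        input[0] = "admin";                 // alias from the constructor reaches the field
        System.out.println("weak, after mutating the input array:  isAdmin=" + weak.isAdmin());
        weak.getRoles()[0] = "viewer";      // alias from the getter reaches it too
        System.out.println("weak, after mutating the getter result: isAdmin=" + weak.isAdmin());

        // Hardened class: the same two manipulations have no effect on the field.
        String[] input2 = {"viewer"};
        RoleSet safe = new RoleSet(input2);
        input2[0] = "admin";                // no effect: the field holds a copy
        System.out.println("safe, after mutating the input array:  isAdmin=" + safe.isAdmin());
        try {
            safe.getRoles().set(0, "admin"); // rejected: read-only view over a copy
        } catch (UnsupportedOperationException e) {
            System.out.println("safe, getter result is read-only: " + e.getClass().getSimpleName());
        }
        System.out.println("safe, final state: isAdmin=" + safe.isAdmin());
    }
}
```

Running the program prints true then false for the weak class and false both times for the hardened one. The design point is that a `private` modifier alone does not draw the boundary; the boundary exists only when no reference to mutable internal state crosses it, which is why the hardened class copies arrays in both directions and exposes an unmodifiable list rather than the array.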

+ Relationships
Nature | Type | ID | Name | View(s) this relationship pertains to
ChildOf | Category | 18 | Source Code | Development Concepts (primary) 699
ChildOf | Weakness Class | 664 | Improper Control of a Resource Through its Lifetime | Research Concepts (primary) 1000
ParentOf | Weakness Class | 216 | Containment Errors (Container Errors) | Research Concepts (primary) 1000
ParentOf | Weakness Variant | 486 | Comparison of Classes by Name | Development Concepts (primary) 699; Seven Pernicious Kingdoms (primary) 700; Research Concepts 1000
ParentOf | Weakness Variant | 487 | Reliance on Package-level Scope | Development Concepts (primary) 699; Research Concepts (primary) 1000
ParentOf | Weakness Variant | 488 | Data Leak Between Sessions | Development Concepts (primary) 699; Seven Pernicious Kingdoms (primary) 700; Research Concepts (primary) 1000
ParentOf | Weakness Base | 489 | Leftover Debug Code | Development Concepts (primary) 699; Seven Pernicious Kingdoms (primary) 700; Research Concepts (primary) 1000
ParentOf | Category | 490 | Mobile Code Issues | Development Concepts 699; Seven Pernicious Kingdoms (primary) 700
ParentOf | Weakness Variant | 491 | Public cloneable() Method Without Final ('Object Hijack') | Seven Pernicious Kingdoms (primary) 700
ParentOf | Weakness Variant | 492 | Use of Inner Class Containing Sensitive Data | Seven Pernicious Kingdoms (primary) 700
ParentOf | Weakness Variant | 493 | Critical Public Variable Without Final Modifier | Seven Pernicious Kingdoms (primary) 700
ParentOf | Weakness Variant | 495 | Private Array-Typed Field Returned From A Public Method | Development Concepts (primary) 699; Seven Pernicious Kingdoms (primary) 700; Research Concepts (primary) 1000
ParentOf | Weakness Variant | 496 | Public Data Assigned to Private Array-Typed Field | Development Concepts (primary) 699; Seven Pernicious Kingdoms (primary) 700; Research Concepts (primary) 1000
ParentOf | Weakness Variant | 497 | Exposure of System Data to an Unauthorized Control Sphere | Seven Pernicious Kingdoms (primary) 700
ParentOf | Weakness Variant | 498 | Information Leak through Class Cloning | Development Concepts (primary) 699; Research Concepts (primary) 1000
ParentOf | Weakness Variant | 499 | Serializable Class Containing Sensitive Data | Development Concepts (primary) 699; Research Concepts (primary) 1000
ParentOf | Weakness Base | 501 | Trust Boundary Violation | Development Concepts (primary) 699; Seven Pernicious Kingdoms (primary) 700; Research Concepts (primary) 1000
ParentOf | Weakness Variant | 502 | Deserialization of Untrusted Data | Development Concepts (primary) 699; Research Concepts (primary) 1000
ParentOf | Weakness Variant | 545 | Use of Dynamic Class Loading | Development Concepts (primary) 699; Research Concepts (primary) 1000
ParentOf | Weakness Variant | 580 | clone() Method Without super.clone() | Development Concepts (primary) 699; Research Concepts (primary) 1000
ParentOf | Weakness Variant | 594 | J2EE Framework: Saving Unserializable Objects to Disk | Development Concepts (primary) 699; Research Concepts (primary) 1000
ParentOf | Weakness Variant | 607 | Public Static Final Field References Mutable Object | Development Concepts (primary) 699
ParentOf | Weakness Base | 749 | Exposed Dangerous Method or Function | Development Concepts (primary) 699; Research Concepts (primary) 1000
ParentOf | Weakness Variant | 766 | Critical Variable Declared Public | Development Concepts (primary) 699; Research Concepts 1000
ParentOf | Weakness Variant | 767 | Access to Critical Private Variable via Public Method | Development Concepts (primary) 699; Research Concepts 1000
MemberOf | View | 700 | Seven Pernicious Kingdoms | Seven Pernicious Kingdoms (primary) 700
+ Taxonomy Mappings
Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name
7 Pernicious Kingdoms | | | Encapsulation
+ Maintenance Notes

This node has to be considered in relation to CWE-732 and CWE-269.

See terminology notes on the multiple uses of the "encapsulation" term.

+ Content History
Submissions
Submission Date | Submitter | Organization | Source
| 7 Pernicious Kingdoms | | Externally Mined
Modifications
Modification Date | Modifier | Organization | Source | Changes
2008-07-01 | Eric Dalci | Cigital | External | updated Potential Mitigations, Time of Introduction
2008-09-08 | CWE Content Team | MITRE | Internal | updated Description, Maintenance Notes, Relationships, Taxonomy Mappings, Terminology Notes
2008-11-24 | CWE Content Team | MITRE | Internal | updated Relationships
2009-05-27 | CWE Content Team | MITRE | Internal | updated Relationships
Previous Entry Names
Change Date | Previous Entry Name
2008-04-11 | Encapsulation