External Initialization of Trusted Variables or Data Stores
Weakness ID: 454 (Weakness Base)
Status: Draft
+ Description

Description Summary

The software initializes critical internal variables or data stores using inputs that can be modified by untrusted actors.

Extended Description

A software system should be reluctant to trust variables that have been initialized outside of its trust boundary, especially if they are initialized by users. They may have been initialized incorrectly. If an attacker can initialize the variable, then he/she can influence what the vulnerable system will do.

+ Time of Introduction
  • Architecture and Design
  • Implementation
+ Applicable Platforms


PHP: (Sometimes)


Platform Notes

This is often found in PHP due to register_globals and the common practice of storing library/include files under the web document root so that they are available using a direct request.

+ Demonstrative Examples

Example 1

In the Java example below, a system property controls the debug level of the application. If an attacker is able to modify the system property, he may be able to coax the application into divulging sensitive information by virtue of the fact that additional debug information is printed/exposed as the debug level increases.

(Bad Code)
Example Language: Java 
int debugLevel = Integer.getInteger("com.domain.application.debugLevel").intValue();
+ Observed Examples
CVE-2000-0959: Does not clear dangerous environment variables, enabling symlink attack.
CVE-2001-0033: Specify alternate configuration directory in environment variable, enabling untrusted path.
CVE-2001-0872: Dangerous environment variable not cleansed.
CVE-2001-0084: Specify arbitrary modules using environment variable.
+ Potential Mitigations

A software system should be reluctant to trust variables that have been initialized outside of its trust boundary. Ensure adequate checking (e.g. input validation) is performed when relying on input from outside a trust boundary.

Phase: Architecture and Design

Avoid any external control of variables. If necessary, restrict the variables that can be modified using a whitelist, and use a different namespace or naming convention if possible.
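
A hardened counterpart to Example 1 that applies the allowlist and validation advice above. It is an added example, not part of the original entry; the class name TrustedSettings, the accepted range of 0 to 2 and the fallback of 0 are assumptions.

```java
import java.util.Map;

public final class TrustedSettings {
    static final String DEBUG_KEY = "com.domain.application.debugLevel";

    // Assumed policy (Java 16+ record): inclusive range accepted from outside
    // the trust boundary, plus the value used when the input is rejected.
    private record Range(int min, int max, int fallback) {}

    // Allowlist: the only properties that external input may initialize.
    private static final Map<String, Range> EXTERNALLY_SETTABLE =
        Map.of(DEBUG_KEY, new Range(0, 2, 0));

    private TrustedSettings() {}

    /** Validates an externally supplied value for an allowlisted property.
     *  Absent, malformed or out-of-range input yields the fallback; a name
     *  that is not on the allowlist is a programming error and throws. */
    static int readInt(String name, String raw) {
        Range r = EXTERNALLY_SETTABLE.get(name);
        if (r == null) {
            throw new IllegalArgumentException("not externally settable: " + name);
        }
        if (raw == null) {
            return r.fallback(); // the Bad Code above throws NullPointerException here
        }
        try {
            int v = Integer.parseInt(raw.trim());
            return (v >= r.min() && v <= r.max()) ? v : r.fallback();
        } catch (NumberFormatException e) {
            return r.fallback();
        }
    }

    /** The debug level the application may rely on. */
    static int debugLevel() {
        return readInt(DEBUG_KEY, System.getProperty(DEBUG_KEY));
    }

    public static void main(String[] args) {
        // Constructed inputs standing in for externally controlled values.
        for (String raw : new String[] {null, "1", "9", "-1", "verbose"}) {
            System.out.println(raw + " -> " + readInt(DEBUG_KEY, raw));
        }
        System.out.println("effective debug level: " + debugLevel());
    }
}
```

Only the value 1 is honored among the constructed inputs; every other input falls back to 0, so an externally set property cannot raise the debug level beyond the range the application has chosen to accept.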

+ Relationships
Nature | Type | ID | Name | View(s) this relationship pertains to
ChildOf | Category | 452 | Initialization and Cleanup Errors | Development Concepts (primary) 699
ChildOf | Weakness Base | 665 | Improper Initialization | Research Concepts (primary) 1000
ChildOf | Category | 808 | 2010 Top 25 - Weaknesses On the Cusp | Weaknesses in the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors (primary) 800
CanAlsoBe | Weakness Base | 456 | Missing Initialization | Research Concepts 1000
+ Relationship Notes

Overlaps Missing variable initialization, especially in PHP.

+ Taxonomy Mappings
Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name
PLOVER | | | External initialization of trusted variables or values
+ Content History
Submission Date | Submitter | Organization | Source
 | PLOVER | | Externally Mined

Modification Date | Modifier | Organization | Source
2008-07-01 | Sean Eidemiller | Cigital | External
  added/updated demonstrative examples
2008-07-01 | Eric Dalci | Cigital | External
  updated Potential Mitigations, Time of Introduction
2008-09-08 | CWE Content Team | MITRE | Internal
  updated Applicable Platforms, Description, Relationships, Other Notes, Taxonomy Mappings
2009-10-29 | CWE Content Team | MITRE | Internal
  updated Other Notes, Relationship Notes

Previous Entry Names
Change Date | Previous Entry Name
2008-04-11 | External Initialization of Trusted Variables or Values