CWE-1090: Method Containing Access of a Member Element from Another Class
Learn about CWE-1090 (Method Containing Access of a Member Element from Another Class), its security impact, exploitation methods, and prevention guidelines.
What is Method Containing Access of a Member Element from Another Class?
• Overview: A method in one class directly accesses a private or protected member of another class, bypassing encapsulation. The resulting coupling makes the code harder to understand and maintain, and therefore more prone to vulnerabilities.
• Exploitation Methods:
- Attackers might exploit this by forcing the code to behave in unintended ways, potentially accessing or manipulating sensitive data.
- Common attack patterns include manipulating the code flow or exploiting the exposed member to inject malicious data.
• Security Impact:
- Direct consequences include unauthorized access to data, leading to data leaks or corruption.
- Potential cascading effects could involve more severe security breaches as attackers find more entry points.
- Business impact includes increased risk of data breaches, loss of customer trust, and potential legal consequences.
• Prevention Guidelines:
- Use proper encapsulation: access another class's member elements only through its getters and setters.
- Implement access control mechanisms to enforce class boundaries.
- Utilize static code analysis tools to identify and fix encapsulation issues.
- Adopt object-oriented design principles to maintain clear boundaries between classes.
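The static-analysis guideline above, as an added example that is not part of the original page: a small Python `ast` check that flags methods reaching into another object's non-public member, run over a constructed sample that contains both the direct access and the encapsulated form. It assumes Python's leading-underscore convention stands in for private/protected; `Account`, `Transfer` and `find_foreign_member_access` are hypothetical names.

```python
import ast

# Constructed sample: Transfer.run_direct reaches into Account._balance,
# while Transfer.run_encapsulated goes through Account's own method.
SAMPLE = '''
class Account:
    def __init__(self, balance):
        self._balance = balance

    def withdraw(self, amount):
        if amount <= 0 or amount > self._balance:
            raise ValueError("invalid amount")
        self._balance -= amount

class Transfer:
    def run_direct(self, account, amount):
        account._balance -= amount

    def run_encapsulated(self, account, amount):
        account.withdraw(amount)
'''

def find_foreign_member_access(source):
    """Return (class, method, expression, line) for each non-public attribute
    accessed on an object other than self/cls inside a method."""
    findings = []
    for cls in ast.walk(ast.parse(source)):
        if not isinstance(cls, ast.ClassDef):
            continue
        for method in cls.body:
            if not isinstance(method, (ast.FunctionDef, ast.AsyncFunctionDef)):
                continue
            for node in ast.walk(method):
                if not isinstance(node, ast.Attribute):
                    continue
                name = node.attr
                dunder = name.startswith("__") and name.endswith("__")
                non_public = name.startswith("_") and not dunder
                own = isinstance(node.value, ast.Name) and node.value.id in ("self", "cls")
                if non_public and not own:
                    findings.append((cls.name, method.name, ast.unparse(node), node.lineno))
    return findings

if __name__ == "__main__":
    for cls_name, method, expr, line in find_foreign_member_access(SAMPLE):
        print(f"line {line}: {cls_name}.{method} accesses {expr}")
```

Only `run_direct` is reported: it skips the validation in `withdraw`, which is the boundary the getter/setter guideline is meant to preserve.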
Technical Details
Likelihood of Exploit: Not specified
Affected Languages: Not specified
Affected Technologies: Not specified