CWE-489

Active Debug Code

Base

Draft

The product is released with debugging code still enabled or active.

Parent Weaknesses (ChildOf)

Related Weaknesses

Scope

Confidentiality

Integrity

Availability

Access Control

Other

Impact

Bypass Protection Mechanism, Read Application Data, Gain Privileges or Assume Identity, Varies by Context

Build and Compilation

Distribution

Remove debug code before deploying the application.

smartphone is built for production with debugging code present, allowing local privilege escalation

network hub contains active debug code, which allows users to execute arbitrary OS commands using a debug function

Mesh Wi-Fi router has active debug code, allowing attackers to modify device settings

Not Language-Specific

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.