CWE-498
Cloneable Class Containing Sensitive Information
Description
The code contains a class with sensitive data, but the class is cloneable. The data can then be accessed by cloning an instance of the class.
Cloneable classes are effectively open classes, since data cannot be hidden in them. Classes that do not explicitly deny cloning can be cloned by any other class without running the constructor, so any check the constructor performs is bypassed by the copy.
Parent Weaknesses (ChildOf)
Related Weaknesses
Common Consequences
Scope
Impact
Bypass Protection Mechanism
Potential Mitigations
If you do make your classes cloneable, ensure that your clone method is final and throws CloneNotSupportedException rather than returning super.clone().
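As an added example (not part of the CWE entry), a constructed Java credential class in the cloneable form this entry describes, next to the hardened form the mitigation calls for; the class names and the callerAuthorized check are assumptions for illustration.

```java
class LeakyCredential implements Cloneable {
    private final byte[] secret;
    // The constructor is the only place the authorization check lives.
    LeakyCredential(byte[] secret, boolean callerAuthorized) {
        if (!callerAuthorized) throw new SecurityException("not authorized");
        this.secret = secret.clone();
    }

    byte[] secret() { return secret; }

    // Public clone() on top of Object.clone(): a shallow field copy that never
    // runs the constructor, so the check above is bypassed entirely (CWE-498).
    @Override
    public LeakyCredential clone() {
        try {
            return (LeakyCredential) super.clone();
        } catch (CloneNotSupportedException e) {
            throw new AssertionError(e);
        }
    }
}
// Hardened form: clone() is final and unconditionally throws, so neither this
// class nor a subclass can hand out a copy; instances exist only via the constructor.
class GuardedCredential {
    private final byte[] secret;

    GuardedCredential(byte[] secret, boolean callerAuthorized) {
        if (!callerAuthorized) throw new SecurityException("not authorized");
        this.secret = secret.clone();
    }

    @Override
    protected final Object clone() throws CloneNotSupportedException {
        throw new CloneNotSupportedException();
    }
}
public class Cwe498Demo {
    public static void main(String[] args) {
        byte[] key = {0x01, 0x02, 0x03};          // constructed sample secret
        LeakyCredential copy = new LeakyCredential(key, true).clone();
        System.out.println("clone holds " + copy.secret().length + " secret bytes");
        try {
            new GuardedCredential(key, true).clone();  // same package, so callable
        } catch (CloneNotSupportedException e) {
            System.out.println("guarded clone refused: " + e);
        }
    }
}
```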
Applicable Platforms