CWE-595
Comparison of Object References Instead of Object Contents
Description
The product compares object references instead of the contents of the objects themselves, preventing it from detecting equivalent objects.
For example, in Java, comparing objects using == usually produces deceptive results, since the == operator compares object references rather than values; often, this means that using == for strings is actually comparing the strings' references, not their values.
Parent Weaknesses (ChildOf)
Common Consequences
Scope
Impact
Varies by Context
Potential Mitigations
In Java, use the equals() method to compare objects instead of the == operator. If using ==, it is important for performance reasons that your objects are created by a static factory, not by a constructor.
Applicable Platforms
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now