CWE-1188
Initialization of a Resource with an Insecure Default
Base
What it is
The product initializes or sets a resource with a default that is intended to be changed by the product's installer, administrator, or maintainer, but the default is not secure.
Impact
| Scope | Impact |
| --- | --- |
| Other | Varies by Context |
Real-world CVE examples
- CVE-2022-36349 — insecure default variable initialization in BIOS firmware for a hardware board allows DoS
- CVE-2022-42467 — A generic database browser interface has a default mode that exposes a web server to the network, allowing queries to the database.
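The Python sketch below is an added example, not code from MITRE or from any affected product. It contrasts an insecure-by-default configuration with a safe one for a hypothetical database browser service of the kind described in the second CVE, and adds a startup check that refuses network exposure until an administrator has secured the listener. All class, field and function names and the password `changeme` are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed placeholder for a credential shipped with a product.
SHIPPED_DEFAULT_PASSWORD = "changeme"


@dataclass
class InsecureDefaults:
    """CWE-1188 pattern: usable out of the box, unsafe until someone edits it."""
    bind_host: str = "0.0.0.0"        # listens on every interface
    require_auth: bool = False        # queries accepted from anyone
    admin_password: str = SHIPPED_DEFAULT_PASSWORD


@dataclass
class SecureDefaults:
    """Same settings, but the untouched configuration is the safe one."""
    bind_host: str = "127.0.0.1"      # loopback only
    require_auth: bool = True
    admin_password: str = ""          # no shipped secret; the admin must set one


def is_loopback(host: str) -> bool:
    """True when the bind address is reachable only from the local machine."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                # not an IP literal
        return host == "localhost"


def startup_findings(cfg) -> list[str]:
    """Return reasons to refuse startup; an empty list means safe to start."""
    findings = []
    if is_loopback(cfg.bind_host):
        return findings               # not reachable from the network
    if not cfg.require_auth:
        findings.append("network-exposed listener without authentication")
    if cfg.admin_password in ("", SHIPPED_DEFAULT_PASSWORD):
        findings.append("network-exposed listener without an administrator-chosen password")
    return findings


if __name__ == "__main__":
    for cfg in (InsecureDefaults(), SecureDefaults()):
        print(type(cfg).__name__, startup_findings(cfg) or "ok to start")
```

Calling `startup_findings` before the listener opens turns a forgotten default into a startup failure instead of a silently exposed service.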
Source: MITRE CWE (cwe.mitre.org).