CWE-1061β€”Insufficient Encapsulation

PUBLISHEDweakness record
released 2019-01-03 Β· last modified 2025-12-11

Metadata

CWE ID:
CWE-1061
Abstraction:
Class
Structure:
Simple
Status:
Incomplete
Release Date:
2019-01-03
Latest Modification Date:
2025-12-11

Weakness Name

Insufficient Encapsulation

Description

The product does not sufficiently hide the internal representation and implementation details of data or methods, which might allow external components or modules to modify data unexpectedly, invoke unexpected functionality, or introduce dependencies that the programmer did not intend.

Common Consequences

Scope:
Access Control
Impact:
Varies by Context, Bypass Protection Mechanism
Notes:
An attacker can access data or methods that were not intended to be accessible.
Scope:
Other
Impact:
Reduce Maintainability, Increase Analytical Complexity
Notes:
This issue makes it more difficult to maintain the product, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities.

Related Weaknesses