CWE-597β€”Use of Wrong Operator in String Comparison

PUBLISHEDweakness record
released 2006-12-15 Β· last modified 2025-12-11

Metadata

CWE ID:
CWE-597
Abstraction:
Variant
Structure:
Simple
Status:
Draft
Release Date:
2006-12-15
Latest Modification Date:
2025-12-11

Weakness Name

Use of Wrong Operator in String Comparison

Description

The product uses the wrong operator when comparing a string, such as using "==" when the .equals() method should be used instead.

In Java, using == or != to compare two strings for equality actually compares two objects for equality rather than their string values for equality. Chances are good that the two references will never be equal. While this weakness often only affects program correctness, if the equality is used for a security decision, the unintended comparison result could be leveraged to affect program security.

Common Consequences

Scope:
Other
Impact:
Other

Related Weaknesses