CXX.MEMBER.IMPORTANT.PRIVATE

Important member data shall be private

The software declares an important variable, field, or member as public when the intended security policy requires it to be private.

Declaring an important variable public means that any code that can access the object containing it can access the variable directly.

Mitigation and prevention

Important member data such as user names, passwords, and so on, should always be made private.

Vulnerable code example

public: char* password;

The above example declares the important variable public, so anyone who has access to the object containing it can access the variable.
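
The flagged pattern beside a corrected form, as an added example that is not part of the original checker documentation. The names LeakyAccount, Account, verify, change_password, probe and exposes_password are hypothetical, and std::string stands in for the char* of the example above.

```cpp
#include <cstddef>
#include <string>
#include <type_traits>
#include <utility>

// Before: the flagged pattern. Any holder of the object can read or overwrite the secret.
struct LeakyAccount {
    std::string user;
    std::string password;  // important data, publicly reachable
};

// After: important members are private; callers only get a yes/no answer.
// (Plaintext storage mirrors the page's example; production code stores a salted hash.)
class Account {
public:
    Account(std::string u, std::string p) : user(std::move(u)), password(std::move(p)) {}
    const std::string& user_name() const { return user; }

    // Compares every stored byte instead of stopping at the first mismatch.
    bool verify(const std::string& candidate) const {
        std::size_t diff = candidate.size() ^ password.size();
        for (std::size_t i = 0; i < password.size(); ++i) {
            char c = i < candidate.size() ? candidate[i] : '\0';
            diff |= static_cast<unsigned char>(password[i] ^ c);
        }
        return diff == 0;
    }

    // The secret changes only through a checked operation.
    bool change_password(const std::string& current, const std::string& next) {
        if (!verify(current) || next.empty()) return false;
        password = next;
        return true;
    }

private:
    std::string user;
    std::string password;
};

// Compile-time guard: true only when T::password is reachable from outside the class.
template <typename U> auto probe(int) -> decltype((void)std::declval<U&>().password, std::true_type{});
template <typename U> std::false_type probe(...);
template <typename T> struct exposes_password : decltype(probe<T>(0)) {};

static_assert(exposes_password<LeakyAccount>::value, "public secret is detected");
static_assert(!exposes_password<Account>::value, "Account must keep its secret private");

int main() { Account a("alice", "s3cret"); return a.verify("s3cret") ? 0 : 1; }  // constructed values
```

The second static_assert stops the build if a later change makes Account::password public again.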