Description
The product implements a Singleton design pattern but does not use appropriate locking or other synchronization mechanism to ensure that the singleton class is only instantiated once.
Potential Impact
Other
Reduce Reliability
Related Weaknesses
Taxonomy Mappings
- OMG ASCRM: ASCRM-RLB-12
Frequently Asked Questions
What is CWE-1096?
CWE-1096 (Singleton Class Instance Creation without Proper Locking or Synchronization) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Variant-level weakness. The product implements a Singleton design pattern but does not use appropriate locking or other synchronization mechanism to ensure that the singleton class is only instantiated once.
How can CWE-1096 be exploited?
Attackers can exploit CWE-1096 (Singleton Class Instance Creation without Proper Locking or Synchronization) to reduce reliability. This weakness is typically introduced during the Implementation phase of software development.
How do I prevent CWE-1096?
Follow secure coding practices, conduct code reviews, and use automated security testing tools (SAST/DAST) to detect this weakness early in the development lifecycle.
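The following is an added example, not part of the CWE entry: a lazy singleton with an unsynchronized check-then-create beside the same class with creation guarded by a lock. The class names, the `count_builds` helper and the 0.1 s constructor delay are assumptions made for the illustration.

```python
import threading
import time


class UnsafeSingleton:
    """Lazy singleton with an unsynchronized check-then-create (CWE-1096)."""
    _instance = None
    builds = []                          # one entry per constructor run

    def __init__(self):
        time.sleep(0.1)                  # constructed delay standing in for slow init
        type(self).builds.append(1)      # record that a constructor ran

    @classmethod
    def get(cls):
        if cls._instance is None:        # several threads can pass this check together
            cls._instance = cls()        # so each of them builds its own instance
        return cls._instance


class SafeSingleton(UnsafeSingleton):
    """Same singleton with creation guarded by a lock (double-checked)."""
    _lock = threading.Lock()

    @classmethod
    def get(cls):
        if cls._instance is None:        # fast path once initialized
            with cls._lock:
                if cls._instance is None:    # re-check while holding the lock
                    cls._instance = cls()
        return cls._instance


def count_builds(cls, workers=8):
    """Call cls.get() from `workers` threads at once; return how many constructors ran."""
    cls._instance, cls.builds = None, []     # reset so the run is repeatable
    barrier = threading.Barrier(workers)

    def worker():
        barrier.wait()                   # release all threads at the same moment
        cls.get()

    threads = [threading.Thread(target=worker) for _ in range(workers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return len(cls.builds)


if __name__ == "__main__":
    print("unsafe builds:", count_builds(UnsafeSingleton))
    print("safe builds:  ", count_builds(SafeSingleton))
```

In the unsafe variant, every extra constructor run is a separate object holding its own state, which is how the weakness shows up as a reliability problem.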
What is the severity of CWE-1096?
CWE-1096 is classified as a Variant-level weakness (Low-Medium abstraction). Its actual severity depends on the specific context and how the weakness manifests in your application.