logo

CWE-1258 - Exposure of Sensitive System Information Due to Uncleared Debug Information

CWE-1258

  • Abstraction:
  • Base
  • Structure:
  • Simple
  • Status:
  • Draft
Weakness Name

Exposure of Sensitive System Information Due to Uncleared Debug Information

Description

The hardware does not fully clear security-sensitive values, such as keys and intermediate values in cryptographic operations, when debug mode is entered.

Security sensitive values, keys, intermediate steps of cryptographic operations, etc. are stored in temporary registers in the hardware. If these values are not cleared when debug mode is entered they may be accessed by a debugger allowing sensitive information to be accessible by untrusted parties.

Common Consequences

Scope: Confidentiality

Impact: Read Memory

Scope: Access Control

Impact: Bypass Protection Mechanism

Related Weaknesses

CWE-212Improper Removal of Sensitive Information Before Storage or Transfer

CWE-200Exposure of Sensitive Information to an Unauthorized ActorHigh

  • Release Date:
  • 2020-02-24
  • Latest Modification Date:
  • 2024-07-16

Free security scan for your website