logo

CWE-1255 - Comparison Logic is Vulnerable to Power Side-Channel Attacks

CWE-1255

  • Abstraction:
  • Variant
  • Structure:
  • Simple
  • Status:
  • Draft
Weakness Name

Comparison Logic is Vulnerable to Power Side-Channel Attacks

Description

A device's real time power consumption may be monitored during security token evaluation and the information gleaned may be used to determine the value of the reference token.

The power consumed by a device may be instrumented and monitored in real time. If the algorithm for evaluating security tokens is not sufficiently robust, the power consumption may vary by token entry comparison against the reference value. Further, if retries are unlimited, the power difference between a "good" entry and a "bad" entry may be observed and used to determine whether each entry itself is correct thereby allowing unauthorized parties to calculate the reference value.

Common Consequences

Scope: Confidentiality, Integrity, Availability, Access Control, Accountability, Authentication, Authorization, Non-Repudiation

Impact: Modify Memory, Read Memory, Read Files or Directories, Modify Files or Directories, Execute Unauthorized Code or Commands, Gain Privileges or Assume Identity, Bypass Protection Mechanism, Read Application Data, Modify Application Data, Hide Activities

Notes: As compromising a security token may result in complete system control, the impacts are relatively universal.

Related Weaknesses
  • Release Date:
  • 2020-08-20
  • Latest Modification Date:
  • 2024-02-29

Free security scan for your website