CWE-1242
Inclusion of Undocumented Features or Chicken Bits
AI Translation Available
The device includes chicken bits or undocumented features that can create entry points for unauthorized actors.
Status
incomplete
Abstraction
base
Affected Platforms
Not Technology-Specific
ICS/OT
Extended Description
AI Translation
A common design practice is to use undocumented bits on a device that can be used to disable certain functional security features. These bits are commonly referred to as 'chicken bits'. They can facilitate quick identification and isolation of faulty components, features that negatively affect performance, or features that do not provide the required controllability for debug and test. Another way to achieve this is through implementation of undocumented features.
Technical Details
AI Translation
Common Consequences
confidentiality
integrity
availability
access control
Impacts
modify memory
read memory
execute unauthorized code or commands
gain privileges or assume identity
bypass protection mechanism
Potential Mitigations
Phases:
architecture and design
implementation
Descriptions:
•
The implementation of chicken bits in a released product is highly discouraged. If implemented at all, ensure that they are disabled in production devices. All interfaces to a device should be documented.