CWE-1270
Generation of Incorrect Security Tokens
The product implements a Security Token mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Tokens generated in the system are incorrect.
Status
incomplete
Abstraction
base
Affected Platforms
Extended Description
Systems-on-a-Chip (SoCs), comprising integrated circuits and hardware engines, implement Security Tokens to differentiate and identify actions originating from various agents. These actions could be 'read', 'write', 'program', 'reset', 'fetch', 'compute', etc. Security Tokens are generated and assigned to every agent on the SoC that is either capable of generating an action or receiving an action from another agent. Every agent could be assigned a unique Security Token based on its trust level or privileges.
Technical Details
Common Consequences
confidentiality
integrity
availability
access control
Impacts
modify files or directories
execute unauthorized code or commands
bypass protection mechanism
gain privileges or assume identity
read memory
modify memory
dos: crash, exit, or restart
Potential Mitigations
Phases:
architecture and design
implementation
Descriptions:
- Generation of Security Tokens should be reviewed for design inconsistency and common weaknesses.
- Security-Token definition and programming flow should be tested in pre-silicon and post-silicon testing.
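
One way to automate part of the design review named in the first mitigation, as an added example that is not part of the CWE entry: a check over a token assignment table that flags agents left without a token, tokens that do not fit the token field, and a single token value shared by agents of different trust levels. The agent names, trust levels, token values and the 4-bit field width are constructed assumptions.

```python
from collections import defaultdict

TOKEN_WIDTH_BITS = 4  # assumed width of the Security Token field

# Constructed sample: agent -> (trust level, assigned token). All hypothetical.
SAMPLE_ASSIGNMENT = {
    "main_controller": ("secure", 0x1),
    "aux_controller": ("untrusted", 0x1),  # same token as a secure agent
    "dma_engine": ("untrusted", 0x2),
    "debug_port": ("debug", None),         # token never programmed
    "crypto_engine": ("secure", 0x13),     # does not fit in 4 bits
}


def review_token_assignment(assignment, width_bits=TOKEN_WIDTH_BITS):
    """Return a sorted list of (kind, detail) findings for a token map."""
    findings = []
    levels_by_token = defaultdict(set)
    agents_by_token = defaultdict(list)

    for agent, (level, token) in assignment.items():
        if token is None:
            findings.append(("missing", agent))
            continue
        if not 0 <= token < (1 << width_bits):
            findings.append(("out_of_range", agent))
            continue
        levels_by_token[token].add(level)
        agents_by_token[token].append(agent)

    # A token seen with more than one trust level cannot distinguish those
    # agents, so an access policy keyed on it treats them identically.
    for token, levels in levels_by_token.items():
        if len(levels) > 1:
            agents = ",".join(sorted(agents_by_token[token]))
            findings.append(("shared_across_trust_levels", agents))

    return sorted(findings)


if __name__ == "__main__":
    for kind, detail in review_token_assignment(SAMPLE_ASSIGNMENT):
        print(f"{kind}: {detail}")
```
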