CWE-1258

Exposure of Sensitive System Information Due to Uncleared Debug Information

AI Translation Available

The hardware does not fully clear security-sensitive values, such as keys and intermediate values in cryptographic operations, when debug mode is entered.

Status

draft

Abstraction

base

Affected Platforms

Extended Description

AI Translation

Security sensitive values, keys, intermediate steps of cryptographic operations, etc. are stored in temporary registers in the hardware. If these values are not cleared when debug mode is entered they may be accessed by a debugger allowing sensitive information to be accessible by untrusted parties.

Technical Details

AI Translation

Common Consequences

confidentiality access control

Impacts

read memory bypass protection mechanism

Potential Mitigations

Phases:

architecture and design

Descriptions:

• Whenever debug mode is enabled, all registers containing sensitive assets must be cleared.

AI Generated Translation

Common Consequences

riservatezza controllo degli accessi

Impacts

leggere memoria elusione del meccanismo di protezione

Potential Mitigations

Phases:

architettura e design

Descriptions:

• Ogni volta che la modalità di debug è abilitata, tutti i registri contenenti asset sensibili devono essere cancellati.

CWE-1258

Common Consequences

Impacts

Potential Mitigations

Common Consequences

Impacts

Potential Mitigations

Iscriviti alla newsletter