CWE-1271
Uninitialized Value on Reset for Registers Holding Security Settings
Security-critical logic is not set to a known value on reset.
Status
incomplete
Abstraction
base
Affected Platforms
Extended Description
When the device is first brought out of reset, the state of registers will be indeterminate if they have not been initialized by the logic. Before the registers are initialized, there will be a window during which the device is in an insecure state and may be vulnerable to attack.
Common Consequences
access control
authentication
authorization
Impacts
varies by context
Potential Mitigations
Phases:
implementation
architecture and design
Descriptions:
• All registers holding security-critical information should be set to a specific value on reset.
• Design checks should be performed to identify any uninitialized flip-flops used for security-critical functions.
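The two mitigations above, as an added SystemVerilog example that is not part of the CWE entry: a lock-bit register with no reset value beside a version that resets to a known state and carries assertions a simulation or formal run can check. All module and signal names are hypothetical, and treating "locked" (1) as the safe reset value is an assumption about the design.

```systemverilog
// Constructed example: all module and signal names are hypothetical.

// Weak: no reset branch, so lock_q is indeterminate (X in simulation,
// an arbitrary 0 or 1 in silicon) until firmware first writes it.
module lock_reg_uninit (
    input  logic clk,
    input  logic wr_en,     // register write strobe
    input  logic wr_data,   // value written by firmware
    output logic lock_q     // 1 = protected region is locked
);
    always_ff @(posedge clk) begin
        if (wr_en)
            lock_q <= wr_data;
    end
endmodule

// Corrected: an asynchronous active-low reset forces a known value.
// Assumption: "locked" (1) is the safe default for this design.
module lock_reg_reset (
    input  logic clk,
    input  logic rst_n,     // active-low reset
    input  logic wr_en,
    input  logic wr_data,
    output logic lock_q
);
    always_ff @(posedge clk or negedge rst_n) begin
        if (!rst_n)
            lock_q <= 1'b1;         // known, restrictive value on reset
        else if (wr_en)
            lock_q <= wr_data;
    end

    // Design check 1: while reset is asserted, the flop holds its reset value.
    assert property (@(posedge clk) !rst_n |-> lock_q === 1'b1)
        else $error("lock_q is not at its reset value during reset");

    // Design check 2: once reset is released, the flop is never X or Z.
    assert property (@(posedge clk) disable iff (!rst_n) !$isunknown(lock_q))
        else $error("lock_q is unknown after reset release");
endmodule
```

The same two assertions bound to `lock_reg_uninit` would fail on the first clock edge, which is how a missing reset on a security-critical flop shows up in a design check.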