CWE-1301
Insufficient or Incomplete Data Removal within Hardware Component
The product's data removal process does not completely delete all data and potentially sensitive information within hardware components.
Status
incomplete
Abstraction
base
Affected Platforms
Extended Description
Physical properties of hardware devices, such as remanence of magnetic media, residual charge of ROMs/RAMs, or screen burn-in, may cause sensitive data to be retained after a data removal process has taken place and power is removed.
Recovering data after erasure or overwriting is possible due to a phenomenon called data remanence. For example, if the same value is written repeatedly to a memory location, the corresponding memory cells can become physically altered to such a degree that, even after the original data is erased, that data can still be recovered through physical characterization of the memory cells.
Technical Details
Common Consequences
confidentiality
Impacts
read memory
read application data
Potential Mitigations
Phases:
architecture and design
implementation
Descriptions:
• Alter the method of erasure, add protection of media, or destroy the media to protect the data.
• Apply blinding or masking techniques to implementations of cryptographic algorithms.
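One software-level reading of the masking mitigation, applied to a stored key so that no memory cell holds the same key bit for long periods (the repeated-write case in the Extended Description). This is an added example, not part of the CWE entry; `masked_key`, the `mk_*` functions and `wipe` are hypothetical names, and the mask bytes are assumed to come from the platform's random number generator.

```c
#include <stdint.h>
#include <string.h>

#define KEY_LEN 16

/* Hypothetical holder: stores key XOR mask, never the key itself. */
typedef struct { uint8_t masked[KEY_LEN], mask[KEY_LEN]; } masked_key;

/* Overwrite through a volatile pointer so the stores are not optimized away. */
static void wipe(void *p, size_t n) {
    volatile uint8_t *v = p;
    while (n--) *v++ = 0;
}

/* mask: fresh random bytes from the platform RNG (assumption). */
static void mk_store(masked_key *mk, const uint8_t *key, const uint8_t *mask) {
    for (size_t i = 0; i < KEY_LEN; i++) { mk->mask[i] = mask[i]; mk->masked[i] = key[i] ^ mask[i]; }
}

/* Call periodically: stored bytes change wherever fresh is nonzero; the key is never rebuilt. */
static void mk_refresh(masked_key *mk, const uint8_t *fresh) {
    for (size_t i = 0; i < KEY_LEN; i++) { mk->masked[i] ^= fresh[i]; mk->mask[i] ^= fresh[i]; }
}

/* Unmask into a caller buffer that the caller wipes right after use. */
static void mk_load(const masked_key *mk, uint8_t *out) {
    for (size_t i = 0; i < KEY_LEN; i++) out[i] = mk->masked[i] ^ mk->mask[i];
}

/* Runs the scheme on constructed sample values; returns 0 when every check passes. */
int mk_selftest(void) {
    uint8_t key[KEY_LEN], m1[KEY_LEN], m2[KEY_LEN], old[KEY_LEN], out[KEY_LEN];
    masked_key mk;
    for (size_t i = 0; i < KEY_LEN; i++) {
        key[i] = (uint8_t)i; m1[i] = (uint8_t)(0xA5 + i); m2[i] = (uint8_t)(0x3C ^ (i * 7));
    }
    mk_store(&mk, key, m1);
    memcpy(old, mk.masked, KEY_LEN);
    mk_refresh(&mk, m2);
    mk_load(&mk, out);
    if (memcmp(out, key, KEY_LEN) != 0) return 1;      /* key survives the refresh */
    if (memcmp(mk.masked, old, KEY_LEN) == 0) return 2; /* stored bytes did change */
    wipe(out, sizeof out); wipe(old, sizeof old); wipe(&mk, sizeof mk);
    for (size_t i = 0; i < sizeof mk; i++) if (((uint8_t *)&mk)[i]) return 3;
    return 0;
}

int main(void) { return mk_selftest(); }
```

The final `wipe` clears only the logical contents; it is the periodic refresh that limits how long any cell holds one value.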