CWE-1275 – Sensitive Cookie with Improper SameSite Attribute

Read Time:1 Minute, 42 Second

Description

The SameSite attribute for sensitive cookies is not set, or an insecure value is used.

The SameSite attribute controls how cookies are sent for cross-domain requests. This attribute may have three values: ‘Lax’, ‘Strict’, or ‘None’. If the ‘None’ value is used, a website may create a cross-domain POST HTTP request to another website, and the browser automatically adds cookies to this request. This may lead to Cross-Site-Request-Forgery (CSRF) attacks if there are no additional protections in place (such as Anti-CSRF tokens).

Modes of Introduction:

– Implementation

 

Likelihood of Exploit: Medium

 

Related Weaknesses

CWE-284
CWE-352

 

Consequences

Confidentiality, Integrity, Non-Repudiation, Access Control: Modify Application Data

If the website does not impose additional defense against CSRF attacks, failing to use the ‘Lax’ or ‘Strict’ values could increase the risk of exposure to CSRF attacks. The likelihood of the integrity breach is Low because a successful attack does not only depend on an insecure SameSite attribute. In order to perform a CSRF attack there are many conditions that must be met, such as the lack of CSRF tokens, no confirmations for sensitive actions on the website, a “simple” “Content-Type” header in the HTTP request and many more.

 

Potential Mitigations

Phase: Implementation

Effectiveness: High

Description: 

Set the SameSite attribute of a sensitive cookie to ‘Lax’ or ‘Strict’. This instructs the browser to apply this cookie only to same-domain requests, which provides a good Defense in Depth against CSRF attacks. When the ‘Lax’ value is in use, cookies are also sent for top-level cross-domain navigation via HTTP GET, HEAD, OPTIONS, and TRACE methods, but not for other HTTP methods that are more like to cause side-effects of state mutation.

While this mitigation is effective for protecting cookies from a browser’s own scripting engine, third-party components or plugins may have their own engines that allow access to cookies. Attackers might also be able to use XMLHTTPResponse to read the headers directly and obtain the cookie.

CVE References

CWE-1274 – Improper Access Control for Volatile Memory Containing Boot Code

Read Time:40 Second

Description

The product conducts a secure-boot process that transfers bootloader code from Non-Volatile Memory (NVM) into Volatile Memory (VM), but it does not have sufficient access control or other protections for the Volatile Memory.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-284

 

Consequences

Access Control, Integrity: Modify Memory, Execute Unauthorized Code or Commands, Gain Privileges or Assume Identity

 

Potential Mitigations

Phase: Architecture and Design

Description: 

Ensure that the design of volatile-memory protections is enough to prevent modification from an adversary or untrusted code.

Phase: Testing

Description: 

Test the volatile-memory protections to ensure they are safe from modification or untrusted code.

CVE References

  • CVE-2019-2267
    • Locked memory regions may be modified through other interfaces in a secure-boot-loader image due to improper access control.

CWE-1272 – Sensitive Information Uncleared Before Debug/Power State Transition

Read Time:44 Second

Description

The product performs a power or debug state transition, but it does not clear sensitive information that should no longer be accessible due to changes to information access restrictions.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-226
CWE-200

 

Consequences

Confidentiality, Integrity, Availability, Access Control, Accountability, Authentication, Authorization, Non-Repudiation: Read Memory, Read Application Data

Sensitive information may be used to unlock additional capabilities of the device and take advantage of hidden functionalities which could be used to compromise device security.

 

Potential Mitigations

Phase: Architecture and Design, Implementation

Description: 

During state transitions, information not needed in the next state should be removed before the transition to the next state.

CVE References

  • CVE-2020-12926
    • Product software does not set a flag as per TPM specifications, thereby preventing a failed authorization attempt from being recorded after a loss of power.

CWE-1271 – Uninitialized Value on Reset for Registers Holding Security Settings

Read Time:23 Second

Description

Security-critical logic is not set to a known value on reset.

Modes of Introduction:

– Implementation

 

 

Related Weaknesses

CWE-665

 

Consequences

Access Control, Authentication, Authorization: Varies by Context

 

Potential Mitigations

Phase: Implementation

Description: 

Design checks should be performed to identify any uninitialized flip-flops used for security-critical functions.

Phase: Architecture and Design

Description: 

All registers holding security-critical information should be set to a specific value on reset.

CVE References

CWE-1270 – Generation of Incorrect Security Tokens

Read Time:27 Second

Description

The product implements a Security Token mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Tokens generated in the system are incorrect.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-284
CWE-1294

 

Consequences

Confidentiality, Integrity, Availability, Access Control: Modify Files or Directories, Execute Unauthorized Code or Commands, Bypass Protection Mechanism, Gain Privileges or Assume Identity, Read Memory, Modify Memory, DoS: Crash, Exit, or Restart

 

Potential Mitigations

Phase: Architecture and Design, Implementation

Description: 

CVE References

CWE-127 – Buffer Under-read

Read Time:46 Second

Description

The software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations prior to the targeted buffer.

This typically occurs when the pointer or its index is decremented to a position before the buffer, when pointer arithmetic results in a position before the beginning of the valid memory location, or when a negative index is used. This may result in exposure of sensitive information or possibly a crash.

Modes of Introduction:

– Implementation

 

 

Related Weaknesses

CWE-125
CWE-786

 

Consequences

Confidentiality: Read Memory

Confidentiality: Bypass Protection Mechanism

By reading out-of-bounds memory, an attacker might be able to get secret values, such as memory addresses, which can be bypass protection mechanisms such as ASLR in order to improve the reliability and likelihood of exploiting a separate weakness to achieve code execution instead of just denial of service.

 

Potential Mitigations

CVE References

CWE-1269 – Product Released in Non-Release Configuration

Read Time:1 Minute, 24 Second

Description

The product released to market is released in pre-production or manufacturing configuration.

Modes of Introduction:

– Implementation

 

 

Related Weaknesses

CWE-693

 

Consequences

Confidentiality, Integrity, Availability, Access Control, Accountability, Authentication, Authorization, Non-Repudiation: Other

 

Potential Mitigations

Phase: Implementation

Description: 

Ensure that there exists a marker for denoting the Manufacturing Complete stage and that the Manufacturing Complete marker gets updated at the Manufacturing Complete stage (i.e., the Manufacturing Complete fuse gets blown).

Phase: Integration

Description: 

Ensure that there exists a marker for denoting the Manufacturing Complete stage and that the Manufacturing Complete marker gets updated at the Manufacturing Complete stage (i.e., the Manufacturing Complete fuse gets blown).

Phase: Manufacturing

Description: 

Ensure that there exists a marker for denoting the Manufacturing Complete stage and that the Manufacturing Complete marker gets updated at the Manufacturing Complete stage (i.e., the Manufacturing Complete fuse gets blown).

CVE References

  • CVE-2019-13945
    • Regarding SSA-686531, a hardware based manufacturing access on S7-1200 and
      S7-200 SMART has occurred. A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-200 SMART CPU family (All versions). There is an access mode used during manufacturing of S7-1200 CPUs that allows additional diagnostic functionality. The security vulnerability could be exploited by an attacker with physical access to the UART interface during boot process. At the time of advisory publication, no public exploitation of this security vulnerability was known.
  • CVE-2018-4251
    • Laptops with Intel chipsets were found to be running in Manufacturing Mode. After this information was reported to the OEM, the vulnerability (CVE-2018-4251) was patched disallowing access to the interface.

CWE-1268 – Policy Privileges are not Assigned Consistently Between Control and Data Agents

Read Time:29 Second

Description

The product’s hardware-enforced access control for a particular resource improperly accounts for privilege discrepancies between control and write policies.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-284

 

Consequences

Confidentiality, Integrity, Availability, Access Control: Modify Memory, Read Memory, DoS: Crash, Exit, or Restart, Execute Unauthorized Code or Commands, Gain Privileges or Assume Identity, Bypass Protection Mechanism, Read Files or Directories, Reduce Reliability

 

Potential Mitigations

Phase: Architecture and Design, Implementation

Description: 

Access-control-policy definition and programming flow must be sufficiently tested in pre-silicon and post-silicon testing.

CVE References

CWE-1267 – Policy Uses Obsolete Encoding

Read Time:22 Second

Description

The product uses an obsolete encoding mechanism to implement access controls.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-284

 

Consequences

Confidentiality, Integrity, Availability, Access Control: Modify Memory, Read Memory, Modify Files or Directories, Read Files or Directories, DoS: Resource Consumption (Other), Execute Unauthorized Code or Commands, Gain Privileges or Assume Identity, Bypass Protection Mechanism, Reduce Reliability

 

Potential Mitigations

Phase: Architecture and Design, Implementation

Effectiveness: High

Description: 

CVE References