All posts by rocco

CWE-1275 – Sensitive Cookie with Improper SameSite Attribute

Description

The SameSite attribute for sensitive cookies is not set, or an insecure value is used.

The SameSite attribute controls how cookies are sent for cross-domain requests. This attribute may have three values: ‘Lax’, ‘Strict’, or ‘None’. If the ‘None’ value is used, a website may create a cross-domain POST HTTP request to another website, and the browser automatically adds cookies to this request. This may lead to Cross-Site-Request-Forgery (CSRF) attacks if there are no additional protections in place (such as Anti-CSRF tokens).

Modes of Introduction:

– Implementation

Likelihood of Exploit: Medium

Related Weaknesses

CWE-284
CWE-352

Consequences

Confidentiality, Integrity, Non-Repudiation, Access Control: Modify Application Data

If the website does not impose additional defense against CSRF attacks, failing to use the ‘Lax’ or ‘Strict’ values could increase the risk of exposure to CSRF attacks. The likelihood of the integrity breach is Low because a successful attack does not only depend on an insecure SameSite attribute. In order to perform a CSRF attack there are many conditions that must be met, such as the lack of CSRF tokens, no confirmations for sensitive actions on the website, a “simple” “Content-Type” header in the HTTP request and many more.

Potential Mitigations

Phase: Implementation

Effectiveness: High

Description: 

Set the SameSite attribute of a sensitive cookie to ‘Lax’ or ‘Strict’. This instructs the browser to apply this cookie only to same-domain requests, which provides a good Defense in Depth against CSRF attacks. When the ‘Lax’ value is in use, cookies are also sent for top-level cross-domain navigation via HTTP GET, HEAD, OPTIONS, and TRACE methods, but not for other HTTP methods that are more likely to cause side effects such as state mutation.

While this mitigation is effective for protecting cookies from a browser’s own scripting engine, third-party components or plugins may have their own engines that allow access to cookies. Attackers might also be able to use XMLHTTPResponse to read the headers directly and obtain the cookie.
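The following is an added example, not code from the CWE entry or from this page. It audits Set-Cookie headers as a proxy or test client would see them, flags sensitive cookies whose SameSite attribute is missing or ‘None’, and builds the hardened form the mitigation above asks for. The sensitive-name hints and the sample headers are constructed for illustration.

```python
"""Audit Set-Cookie headers for the SameSite weakness (CWE-1275).

Added example; the name hints and sample headers below are constructed.
"""
from dataclasses import dataclass, field

# Constructed heuristic: substrings that usually mark a session or auth cookie.
SENSITIVE_NAME_HINTS = ("session", "sess", "auth", "token", "jwt", "sid")


@dataclass
class ParsedCookie:
    name: str
    value: str
    # Attribute names are lower-cased; flag attributes (Secure, HttpOnly) map to True.
    attributes: dict = field(default_factory=dict)


def parse_set_cookie(header: str) -> ParsedCookie:
    """Split one Set-Cookie header value into name, value and attributes."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, has_value, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if has_value else True
    return ParsedCookie(name.strip(), value.strip(), attrs)


def is_sensitive(name: str) -> bool:
    lowered = name.lower()
    return any(hint in lowered for hint in SENSITIVE_NAME_HINTS)


def samesite_findings(header: str) -> list:
    """Return the findings for one Set-Cookie header (empty list means it is fine)."""
    cookie = parse_set_cookie(header)
    findings = []
    if not is_sensitive(cookie.name):
        return findings
    samesite = cookie.attributes.get("samesite")
    if samesite is None or samesite is True:
        findings.append("SameSite not set; cross-site behaviour is left to browser defaults")
    elif samesite.lower() == "none":
        findings.append("SameSite=None: the cookie rides along on cross-site POST requests, "
                        "so CSRF protection must come from elsewhere (e.g. anti-CSRF tokens)")
        if "secure" not in cookie.attributes:
            findings.append("SameSite=None without Secure; Chromium-based browsers reject such cookies")
    elif samesite.lower() not in ("lax", "strict"):
        findings.append(f"unrecognized SameSite value {samesite!r}")
    return findings


def hardened_set_cookie(name: str, value: str) -> str:
    """Build the Set-Cookie value the mitigation asks for on a sensitive cookie."""
    return f"{name}={value}; Path=/; Secure; HttpOnly; SameSite=Strict"


# Constructed sample headers as a reverse proxy or test client might capture them.
SAMPLE_HEADERS = [
    "session_id=abc123; Path=/; Secure; HttpOnly; SameSite=None",
    "auth_token=xyz789; Path=/; Secure; HttpOnly",
    "theme=dark; Path=/",
    "session_id=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
]


def audit(headers=SAMPLE_HEADERS) -> dict:
    """Map each header to its findings, keeping only headers that have some."""
    result = {}
    for header in headers:
        findings = samesite_findings(header)
        if findings:
            result[header] = findings
    return result


if __name__ == "__main__":
    for header, findings in audit().items():
        print(header)
        for finding in findings:
            print("  -", finding)
```

Run against a recorded response the audit reports the first two sample headers only: the ‘theme’ cookie carries nothing sensitive, and the ‘Lax’ cookie already matches the mitigation.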

CVE References

CWE-1276 – Hardware Child Block Incorrectly Connected to Parent System

Description

Signals between a hardware IP and the parent system design are incorrectly connected causing security risks.

Modes of Introduction:

– Implementation

Related Weaknesses

CWE-284

Consequences

Confidentiality, Integrity, Availability: Varies by Context

Potential Mitigations

Phase: Testing

Description: 

System-level verification may be used to ensure that components are correctly connected and that design security requirements are not violated due to interactions between various IP blocks.

CVE References

CWE-1277 – Firmware Not Updateable

Description

The product does not provide its users with the ability to update or patch its firmware to address any vulnerabilities or weaknesses that may be present.

Without the ability to patch or update firmware, consumers will be left vulnerable to exploitation of any known vulnerabilities, or any vulnerabilities that are discovered in the future. This can expose consumers to permanent risk throughout the entire lifetime of the device, which could be years or decades. Some external protective measures and mitigations might be employed to aid in preventing or reducing the risk of malicious attack, but the root weakness cannot be corrected.

Modes of Introduction:

– Requirements

Related Weaknesses

CWE-1329

Consequences

Confidentiality, Integrity, Access Control, Authentication, Authorization: Gain Privileges or Assume Identity, Bypass Protection Mechanism, Execute Unauthorized Code or Commands, DoS: Crash, Exit, or Restart

If an attacker can identify an exploitable vulnerability in one device that has no means of patching, the attack may be used against an entire class of devices.

Potential Mitigations

Phase: Requirements

Description: 

Specify requirements to include the ability to update the firmware. Include integrity checks and authentication to ensure that untrusted firmware cannot be installed.

Phase: Architecture and Design

Description: 

Design the device to allow for updating the firmware. Ensure that the design specifies how to distribute the updates and ensure their integrity and authentication.

Phase: Implementation

Description: 

Implement the necessary functionality to allow the firmware to be updated.
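The three mitigation phases above converge on one device-side routine: accept an update image only after its integrity and origin have been checked and it is newer than what is installed. The following is an added example, not from the CWE entry or this page. The image layout (magic, version, length, payload, tag) is constructed for illustration, and the HMAC-SHA256 tag with a device-provisioned key stands in for the asymmetric signature (Ed25519, ECDSA) a real updater would verify with a public key held in ROM.

```python
"""Verify a firmware update image before installing it (CWE-1277 mitigation).

Added example with a constructed image format: an HMAC over header and
payload models the authentication step; real devices use a public-key
signature so the device never holds a secret that could forge updates.
"""
import hashlib
import hmac
import struct

MAGIC = b"FWUP"                   # constructed image magic
HEADER = struct.Struct(">4sII")   # magic, version, payload length (big-endian)
TAG_LEN = 32                      # HMAC-SHA256 output size


def build_image(key: bytes, version: int, payload: bytes) -> bytes:
    """Producer side: header + payload, authenticated as one unit."""
    header = HEADER.pack(MAGIC, version, len(payload))
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


def verify_image(key: bytes, image: bytes, installed_version: int):
    """Device side. Returns (ok, reason); reject malformed, unauthenticated or older images."""
    if len(image) < HEADER.size + TAG_LEN:
        return False, "truncated image"
    magic, version, length = HEADER.unpack_from(image, 0)
    if magic != MAGIC:
        return False, "bad magic"
    if len(image) != HEADER.size + length + TAG_LEN:
        return False, "length mismatch"
    body = image[:HEADER.size + length]
    tag = image[HEADER.size + length:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    # Constant-time comparison: the tag check is the authentication decision.
    if not hmac.compare_digest(tag, expected):
        return False, "authentication failed"
    # Anti-rollback: an authentic but old image could reintroduce a fixed bug.
    if version <= installed_version:
        return False, f"rollback: version {version} <= installed {installed_version}"
    return True, "ok"


def install(key: bytes, image: bytes, installed_version: int) -> int:
    """Return the new installed version, or the old one if the image is refused."""
    ok, _reason = verify_image(key, image, installed_version)
    if not ok:
        return installed_version
    _magic, version, _length = HEADER.unpack_from(image, 0)
    return version


if __name__ == "__main__":
    key = b"constructed-device-key"       # placeholder key for the demo
    image = build_image(key, 2, b"firmware v2 payload (constructed)")
    print(verify_image(key, image, installed_version=1))
    print(verify_image(key, image, installed_version=2))
    print(verify_image(b"wrong-key", image, installed_version=1))
```

The order of checks matters: length and framing first so the parser never reads outside the buffer, authentication before any decision depends on header fields, and the version comparison last so that only an authentic image can influence anti-rollback state.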

CVE References

  • CVE-2020-9054
    • Chain: network-attached storage (NAS) device has a critical OS command injection (CWE-78) vulnerability that is actively exploited to place IoT devices into a botnet, but some products are “end-of-support” and cannot be patched (CWE-1277). [REF-1097]
  • [REF-1095]
    • A hardware “smart lock” has weak key generation that allows attackers to steal the key by BLE sniffing, but the device’s firmware cannot be upgraded and hence remains vulnerable [REF-1095].

CWE-1278 – Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques

Description

Information stored in hardware may be recovered by an attacker with the capability to capture and analyze images of the integrated circuit using techniques such as scanning electron microscopy.

Modes of Introduction:

– Architecture and Design

Related Weaknesses

CWE-693

Consequences

Confidentiality: Varies by Context

A common goal of malicious actors who reverse engineer ICs is to produce and sell counterfeit versions of the IC.

Potential Mitigations

Phase: Architecture and Design

Description: 

The cost of secret extraction via IC reverse engineering should outweigh the potential value of the secrets being extracted. Threat model and value of secrets should be used to choose the technology used to safeguard those secrets. Examples include IC camouflaging and obfuscation, tamper-proof packaging, active shielding, and physical tampering detection information erasure.

CVE References

CWE-1279 – Cryptographic Operations are run Before Supporting Units are Ready

Description

Performing cryptographic operations without ensuring that the supporting inputs are ready to supply valid data may compromise the cryptographic result.

Many cryptographic hardware units depend upon other hardware units to supply information to them to produce a securely encrypted result. For example, a cryptographic unit that depends on an external random-number-generator (RNG) unit for entropy must wait until the RNG unit is producing random numbers. If a cryptographic unit retrieves a private encryption key from a fuse unit, the fuse unit must be up and running before a key may be supplied.

Modes of Introduction:

– Architecture and Design

Related Weaknesses

CWE-665

Consequences

Access Control, Confidentiality, Integrity, Availability, Accountability, Authentication, Authorization, Non-Repudiation: Varies by Context

Potential Mitigations

Phase: Architecture and Design

Description: 

Best practices should be used to design cryptographic systems.

Phase: Implementation

Description: 

Continuously ensuring that cryptographic inputs are supplying valid information is necessary to ensure that the encrypted output is secure.
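One concrete form of "continuously ensuring that cryptographic inputs are supplying valid information" is to run entropy-source health tests and refuse to derive keys until they pass. The following is an added example, not from the CWE entry or this page: it implements the two continuous tests of NIST SP 800-90B (the repetition count test and the adaptive proportion test) in software over a byte stream and gates a key derivation on them. The cutoffs are chosen for this example and must be derived from the source's assessed entropy on real hardware; the three RNG streams are constructed.

```python
"""Gate key generation on entropy-source health tests (CWE-1279 mitigation).

Added example. Cutoffs are illustrative; SP 800-90B derives them from the
assessed min-entropy of the source and a false-positive rate (e.g. 2**-20).
"""
import hashlib

RCT_CUTOFF = 4     # fail when one byte value appears this many times in a row
APT_WINDOW = 512   # adaptive proportion window (non-binary source)
APT_CUTOFF = 13    # fail when a window's first byte recurs more often than this


def repetition_count_test(samples: bytes) -> bool:
    """Catches a stuck source: the same value repeating RCT_CUTOFF times or more."""
    run, last = 0, None
    for b in samples:
        run = run + 1 if b == last else 1
        last = b
        if run >= RCT_CUTOFF:
            return False
    return True


def adaptive_proportion_test(samples: bytes) -> bool:
    """Catches a biased source: one value dominating a window without repeating back to back."""
    for start in range(0, len(samples) - APT_WINDOW + 1, APT_WINDOW):
        window = samples[start:start + APT_WINDOW]
        if window.count(window[0]) > APT_CUTOFF:
            return False
    return True


def rng_ready(samples: bytes) -> bool:
    """The readiness signal a cryptographic unit should wait for."""
    return (len(samples) >= APT_WINDOW
            and repetition_count_test(samples)
            and adaptive_proportion_test(samples))


def derive_key(entropy: bytes) -> bytes:
    """Cryptographic unit: refuse to produce a key until the RNG passes its tests."""
    if not rng_ready(entropy):
        raise RuntimeError("entropy source not ready; refusing to derive a key")
    return hashlib.sha256(entropy).digest()


def key_available(entropy: bytes) -> bool:
    """True if derive_key would succeed on this stream."""
    try:
        derive_key(entropy)
        return True
    except RuntimeError:
        return False


# Constructed streams standing in for RNG output in three states.
STUCK_AT_ZERO = bytes(1024)                  # unit not running yet: all zeros
LOW_ENTROPY = bytes([0x00, 0x01] * 512)      # toggling output: never repeats, but biased


def good_stream(n: int = 1024, seed: bytes = b"constructed-seed") -> bytes:
    """Deterministic SHA-256 chain used here as a stand-in for a healthy RNG."""
    out, state = bytearray(), seed
    while len(out) < n:
        state = hashlib.sha256(state).digest()
        out += state
    return bytes(out[:n])


if __name__ == "__main__":
    for label, stream in (("stuck", STUCK_AT_ZERO), ("biased", LOW_ENTROPY), ("healthy", good_stream())):
        print(label, "ready" if rng_ready(stream) else "NOT ready")
```

The two tests are complementary: the all-zero stream of a unit that has not started fails the repetition count test, while the toggling stream passes it and is only caught by the adaptive proportion test. A hardware design applies the same idea to the fuse unit mentioned in the description by checking a "key valid" status before the key is latched.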

CVE References

CWE-128 – Wrap-around Error

Description

Wrap around errors occur whenever a value is incremented past the maximum value for its type and therefore “wraps around” to a very small, negative, or undefined value.

Due to how addition is performed by computers, if a primitive is incremented past the maximum value possible for its storage space, the system will not recognize this, and therefore increment each bit as if it still had extra space. Because of how negative numbers are represented in binary, primitives interpreted as signed may “wrap” to very large negative values.

Modes of Introduction:

– Implementation

Likelihood of Exploit: Medium

Related Weaknesses

CWE-682
CWE-119
CWE-190

Consequences

Availability: DoS: Crash, Exit, or Restart, DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory), DoS: Instability

This weakness will generally lead to undefined behavior and therefore crashes. In the case of overflows involving loop index variables, the likelihood of infinite loops is also high.

Integrity: Modify Memory

If the value in question is important to data (as opposed to flow), simple data corruption has occurred. Also, if the wrap around results in other conditions such as buffer overflows, further memory corruption may occur.

Confidentiality, Availability, Access Control: Execute Unauthorized Code or Commands, Bypass Protection Mechanism

This weakness can sometimes trigger buffer overflows which can be used to execute arbitrary code. This is usually outside the scope of a program’s implicit security policy.

Potential Mitigations

Phase: Requirements

Description: 

The choice could be made to use a language that is not susceptible to these issues.

Phase: Architecture and Design

Description: 

Provide clear upper and lower bounds on the scale of any protocols designed.

Phase: Implementation

Description: 

Perform validation on all incremented variables to ensure that they remain within reasonable bounds.
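The following is an added example, not from the CWE entry or this page. It reproduces the fixed-width behaviour from the description (modulo reduction and two's-complement reinterpretation, which Python's arbitrary-precision integers otherwise hide), shows the loop-index and allocation-size consequences listed above, and implements the mitigation of validating a result before it is stored. The bit widths and values are chosen for illustration.

```python
"""Fixed-width wrap-around and checked arithmetic (CWE-128).

Added example. `wrap` mirrors what a C integer or a hardware register of
the given width does; `checked_add` / `checked_mul` are the mitigation.
"""


def wrap(value: int, bits: int, signed: bool = False) -> int:
    """Reduce value modulo 2**bits and, if signed, reinterpret as two's complement."""
    value &= (1 << bits) - 1
    if signed and value >= 1 << (bits - 1):
        value -= 1 << bits
    return value


def in_range(value: int, bits: int, signed: bool) -> bool:
    if signed:
        return -(1 << (bits - 1)) <= value < (1 << (bits - 1))
    return 0 <= value < (1 << bits)


def checked_add(a: int, b: int, bits: int, signed: bool = False) -> int:
    """Mitigation: validate the sum against the type's bounds before using it."""
    result = a + b
    if not in_range(result, bits, signed):
        raise OverflowError(f"{a} + {b} does not fit in {bits}-bit "
                            f"{'signed' if signed else 'unsigned'}")
    return result


def checked_mul(a: int, b: int, bits: int, signed: bool = False) -> int:
    """Same validation for products, e.g. count * element_size before allocating."""
    result = a * b
    if not in_range(result, bits, signed):
        raise OverflowError(f"{a} * {b} does not fit in {bits}-bit "
                            f"{'signed' if signed else 'unsigned'}")
    return result


def allocation_size(count: int, elem_size: int, bits: int = 32) -> int:
    """Unchecked size computation: the product wraps to a small number, so the
    buffer allocated is far smaller than the data later copied into it."""
    return wrap(count * elem_size, bits)


def loop_terminates(limit: int, bits: int, max_iterations: int = 10_000) -> bool:
    """Model `for (uintN_t i = 0; i < limit; i++)`: if limit exceeds the type's
    maximum, i wraps to 0 before reaching it and the loop never ends."""
    i, iterations = 0, 0
    while i < limit:
        i = wrap(i + 1, bits)
        iterations += 1
        if iterations > max_iterations:
            return False      # treated as an infinite loop
    return True


def overflows(op, *args, **kwargs) -> bool:
    """True if the checked operation rejects its inputs."""
    try:
        op(*args, **kwargs)
        return False
    except OverflowError:
        return True


if __name__ == "__main__":
    print(wrap(255 + 1, 8), wrap(127 + 1, 8, signed=True), wrap(2**31, 32, signed=True))
    print(hex(allocation_size(0x40000001, 4)))
    print(loop_terminates(200, 8), loop_terminates(300, 8))
    print(overflows(checked_mul, 0x40000001, 4, 32))
```

The allocation case is the one that turns a wrap into memory corruption: 0x40000001 elements of 4 bytes is 0x100000004 bytes, which a 32-bit size variable stores as 4, so a copy loop over the real element count writes well past the allocation. Checked multiplication rejects that input instead.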

CVE References

CWE-1280 – Access Control Check Implemented After Asset is Accessed

Description

A product’s hardware-based access control check occurs after the asset has been accessed.

Modes of Introduction:

– Implementation

Related Weaknesses

CWE-696
CWE-284

Consequences

Access Control, Confidentiality, Integrity: Modify Memory, Read Memory, Modify Application Data, Read Application Data, Gain Privileges or Assume Identity, Bypass Protection Mechanism

Potential Mitigations

Phase: Implementation

Description: 

Implement the access control check first. Access should only be given to the asset if the agent is authorized.

CVE References

CWE-1281 – Sequence of Processor Instructions Leads to Unexpected Behavior

Description

Specific combinations of processor instructions lead to undesirable behavior such as locking the processor until a hard reset is performed.

Modes of Introduction:

– Architecture and Design

Related Weaknesses

CWE-691

Consequences

Integrity, Availability: Varies by Context

Potential Mitigations

Phase: Testing

Description: 

Implement a rigorous testing strategy that incorporates randomization to explore instruction sequences that are unlikely to appear in normal workloads in order to identify halt and catch fire instruction sequences.

Phase: Patching and Maintenance

Description: 

Patch operating system to avoid running Halt and Catch Fire type sequences or to mitigate the damage caused by unexpected behavior. See [REF-1108].

CVE References

  • CVE-1999-1476
    • A bug in some Intel Pentium processors allows DoS (hang) via an invalid “CMPXCHG8B” instruction, causing a deadlock

CWE-1282 – Assumed-Immutable Data is Stored in Writable Memory

Description

Immutable data, such as a first-stage bootloader, device identifiers, and “write-once” configuration settings are stored in writable memory that can be re-programmed or updated in the field.

Modes of Introduction:

– Implementation

Related Weaknesses

CWE-668
CWE-471

Consequences

Integrity: Varies by Context

Potential Mitigations

Phase: Implementation

Description: 

All immutable code or data should be programmed into ROM or write-once memory.

CVE References

CWE-1283 – Mutable Attestation or Measurement Reporting Data

Description

The register contents used for attestation or measurement reporting data to verify boot flow are modifiable by an adversary.

Modes of Introduction:

– Architecture and Design

Related Weaknesses

CWE-284

Consequences

Confidentiality: Read Memory, Read Application Data

Potential Mitigations

Phase: Architecture and Design

Description: 

CVE References