All posts by rocco

CWE

CWE-1284 – Improper Validation of Specified Quantity in Input

Read Time:33 Second

Description

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

Modes of Introduction:

– Implementation

 

 

Related Weaknesses

CWE-20

 

Consequences

Other: Varies by Context

Since quantities are used so often to affect resource allocation or process financial data, they are often present in many places in the code.

 

Potential Mitigations

Phase: Implementation

Effectiveness: High

Description: 

CVE References

  • CVE-2008-1440
    • lack of validation of length field leads to infinite loop
  • CVE-2008-2374
    • lack of validation of string length fields allows memory consumption or buffer over-read
CWE

CWE-1285 – Improper Validation of Specified Index, Position, or Offset in Input

Read Time:27 Second

Description

The product receives input that is expected to specify an index, position, or offset into an indexable resource such as a buffer or file, but it does not validate or incorrectly validates that the specified index/position/offset has the required properties.

Modes of Introduction:

– Implementation

 

 

Related Weaknesses

CWE-20

 

Consequences

Other: Varies by Context

 

Potential Mitigations

Phase: Implementation

Effectiveness: High

Description: 

CVE References

  • CVE-2001-1009
    • negative array index as argument to POP LIST command
CWE

CWE-1286 – Improper Validation of Syntactic Correctness of Input

Read Time:22 Second

Description

The product receives input that is expected to be well-formed – i.e., to comply with a certain syntax – but it does not validate or incorrectly validates that the input complies with the syntax.

Modes of Introduction:

– Implementation

 

 

Related Weaknesses

CWE-20

 

Consequences

Other: Varies by Context

 

Potential Mitigations

Phase: Implementation

Effectiveness: High

Description: 

CVE References

  • CVE-2007-5893
    • HTTP request with missing protocol version number leads to crash
CWE

CWE-1250 – Improper Preservation of Consistency Between Independent Representations of Shared State

Read Time:18 Second

Description

The product has or supports multiple distributed components or sub-systems that are each required to keep their own local copy of shared data – such as state or cache – but the product does not ensure that all local copies remain consistent with each other.

Modes of Introduction:

 

 

Related Weaknesses

CWE-664

 

Consequences

 

Potential Mitigations

CVE References

CWE

CWE-1251 – Mirrored Regions with Different Values

Read Time:15 Second

Description

The product’s architecture mirrors regions without ensuring that their contents always stay in sync.

Modes of Introduction:

 

 

Related Weaknesses

CWE-1250

 

Consequences

Confidentiality, Integrity, Availability, Access Control, Accountability, Authentication, Authorization, Non-Repudiation: Varies by Context

 

Potential Mitigations

Phase: Architecture and Design

Effectiveness: Moderate

Description: 

CVE References

CWE

CWE-1252 – CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations

Read Time:19 Second

Description

The CPU is not configured to provide hardware support for exclusivity of write and execute operations on memory. This allows an attacker to execute data from all of memory.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-284

 

Consequences

Confidentiality, Integrity: Execute Unauthorized Code or Commands

 

Potential Mitigations

Phase: Architecture and Design

Description: 

Phase: Integration

Description: 

CVE References

CWE

CWE-1253 – Incorrect Selection of Fuse Values

Read Time:33 Second

Description

The logic level used to set a system to a secure state relies on a fuse being unblown. An attacker can set the system to an insecure state merely by blowing the fuse.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-693

 

Consequences

Access Control, Authorization: Bypass Protection Mechanism, Gain Privileges or Assume Identity

Availability: DoS: Crash, Exit, or Restart

Confidentiality: Read Memory

Integrity: Modify Memory, Execute Unauthorized Code or Commands

 

Potential Mitigations

Phase: Architecture and Design

Description: 

Logic should be designed in a way that blown fuses do not put the product into an insecure state that can be leveraged by an attacker.

CVE References

CWE

CWE-1254 – Incorrect Comparison Logic Granularity

Read Time:44 Second

Description

The product’s comparison logic is performed over a series of steps rather than across the entire string in one operation. If there is a comparison logic failure on one of these steps, the operation may be vulnerable to a timing attack that can result in the interception of the process for nefarious purposes.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-208
CWE-697

 

Consequences

Confidentiality, Authorization: Bypass Protection Mechanism

 

Potential Mitigations

Phase: Implementation

Description: 

CVE References

  • CVE-2014-0984
    • The passwordCheck function in SAP Router 721 patch 117, 720 patch 411, 710 patch 029, and earlier terminates validation of a Route Permission Table entry password upon encountering the first incorrect character, which allows remote attackers to obtain passwords via a brute-force attack that relies on timing differences in responses to incorrect password guesses, aka a timing side-channel attack.
CWE

CWE-1255 – Comparison Logic is Vulnerable to Power Side-Channel Attacks

Read Time:1 Minute, 35 Second

Description

A device’s real time power consumption may be monitored during security token evaluation and the information gleaned may be used to determine the value of the reference token.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-1300
CWE-1259

 

Consequences

Confidentiality, Integrity, Availability, Access Control, Accountability, Authentication, Authorization, Non-Repudiation: Modify Memory, Read Memory, Read Files or Directories, Modify Files or Directories, Execute Unauthorized Code or Commands, Gain Privileges or Assume Identity, Bypass Protection Mechanism, Read Application Data, Modify Application Data, Hide Activities

As compromising a security token may result in complete system control, the impacts are relatively universal

 

Potential Mitigations

Phase: Architecture and Design

Description: 

The design phase must consider each check of a security token against a standard and the amount of power consumed during the check of a good token versus a bad token. The alternative is an all at once check where a retry counter is incremented PRIOR to the check.

Phase: Architecture and Design

Description: 

Another potential mitigation is to parallelize shifting of secret data (see example 2 below). Note that the wider the bus the more effective the result.

Phase: Architecture and Design

Description: 

An additional potential mitigation is to add random data to each crypto operation then subtract it out afterwards. This is highly effective but costly in performance, area, and power consumption. It also requires a random number generator.

Phase: Implementation

Description: 

If the architecture is unable to prevent the attack, using filtering components may reduce the ability to implement an attack, however, consideration must be given to the physical removal of the filter elements.

Phase: Integration

Description: 

During integration, avoid use of a single secret for an extended period (e.g. frequent key updates). This limits the amount of data compromised but at the cost of complexity of use.

CVE References

  • CVE-2020-12788
    • CMAC verification vulnerable to timing and power attacks.
CWE

CWE-1256 – Improper Restriction of Software Interfaces to Hardware Features

Read Time:55 Second

Description

The product provides software-controllable
device functionality for capabilities such as power and
clock management, but it does not properly limit
functionality that can lead to modification of
hardware memory or register bits, or the ability to
observe physical side channels.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-285

 

Consequences

Integrity: Modify Memory, Modify Application Data, Bypass Protection Mechanism

 

Potential Mitigations

Phase: Architecture and Design, Implementation

Description: 

CVE References

  • CVE-2019-11157
    • Plundervolt: Improper conditions check in voltage settings for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege and/or information disclosure via local access [REF-1081].
  • CVE-2020-8694
    • PLATYPUS Attack: Insufficient access control in the Linux kernel driver for some Intel processors allows information disclosure.
  • CVE-2020-8695
    • Observable discrepancy in the RAPL interface for some Intel processors allows information disclosure.
  • CVE-2020-12912
    • AMD extension to a Linux service does not require privileged access to the RAPL interface, allowing side-channel attacks.
  • CVE-2015-0565
    • NaCl in 2015 allowed the CLFLUSH instruction, making Rowhammer attacks possible.