CWE-1258 – Exposure of Sensitive System Information Due to Uncleared Debug Information

Read Time:17 Second

Description

The hardware does not fully clear security-sensitive values, such as keys and intermediate values in cryptographic operations, when debug mode is entered.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-212
CWE-200

 

Consequences

Confidentiality: Read Memory

Access Control: Bypass Protection Mechanism

 

Potential Mitigations

Phase: Architecture and Design

Description: 

CVE References