Description
Sensitive information in clear text on the JTAG
interface may be examined by an eavesdropper, e.g.
by placing a probe device on the interface such as a logic
analyzer, or a corresponding software technique.
Modes of Introduction:
– Architecture and Design
Related Weaknesses
CWE-300
Consequences
Confidentiality: Read Memory, Read Files or Directories, Read Application Data
Potential Mitigations
Phase: Manufacturing
Effectiveness: High
Description:
Disable permanently the JTAG interface before releasing the system to untrusted users.
Phase: Architecture and Design
Effectiveness: High
Description:
Encrypt all information (traffic) on the JTAG interface using an approved algorithm (such as recommended by NIST). Encrypt the path from inside the chip to the trusted user application.
Phase: Implementation
Effectiveness: High
Description:
Block access to secret data from JTAG.
CVE References
