Read Time:27 Second
Description
The product fails to adequately prevent the revealing of unnecessary and potentially sensitive system information within debugging messages.
Modes of Introduction:
– Implementation
Related Weaknesses
Consequences
Confidentiality, Integrity, Availability, Access Control, Accountability, Authentication, Authorization, Non-Repudiation: Read Memory, Bypass Protection Mechanism, Gain Privileges or Assume Identity, Varies by Context
Potential Mitigations
Phase: Implementation
Description:
Ensure that a debug message does not reveal any unnecessary information during the debug process for the intended response.
CVE References
- CVE-2017-18326
- modem debug messages include cryptographic keys