CWE-1271 – Uninitialized Value on Reset for Registers Holding Security Settings


Description

Security-critical logic is not set to a known value on reset.

Modes of Introduction:

– Implementation

Related Weaknesses

CWE-665

Consequences

Access Control, Authentication, Authorization: Varies by Context

Potential Mitigations

Phase: Implementation

Description: Design checks should be performed to identify any uninitialized flip-flops used for security-critical functions.

Phase: Architecture and Design

Description: All registers holding security-critical information should be set to a specific value on reset.
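
The two mitigations above, as an added example that is not part of the CWE entry: a security lock register written without a reset term, the same register with a reset, and a small testbench that serves as the design check by flagging a register still at X after reset is released. Module, port and signal names, and the reset value of 0, are assumptions made for illustration.

```verilog
// Added example; all module, port and signal names are hypothetical.

// Weak: no reset term. "locked" is X in simulation until set_lock is
// first asserted, and an arbitrary value in silicon after power-up.
module lock_reg_weak (
    input  wire clk,
    input  wire set_lock,   // asserted by boot firmware to engage the lock
    output reg  locked
);
    always @(posedge clk)
        if (set_lock)
            locked <= 1'b1;
endmodule

// Hardened: an asynchronous active-low reset forces a known value.
module lock_reg_hardened (
    input  wire clk,
    input  wire rst_n,
    input  wire set_lock,
    output reg  locked
);
    always @(posedge clk or negedge rst_n)
        if (!rst_n)
            locked <= 1'b0; // assumed reset value; what matters is that it is defined
        else if (set_lock)
            locked <= 1'b1;
endmodule

// Design check: after reset is released, no security register may be X.
module tb;
    reg  clk = 0, rst_n = 0, set_lock = 0;
    wire weak_q, hard_q;

    lock_reg_weak     u_weak (.clk(clk), .set_lock(set_lock), .locked(weak_q));
    lock_reg_hardened u_hard (.clk(clk), .rst_n(rst_n),
                              .set_lock(set_lock), .locked(hard_q));

    always #5 clk = ~clk;

    initial begin
        #12 rst_n = 1;      // release reset after the first clock edge
        #20;                // let two more clock edges pass
        // === compares 4-state values, so an X is detected instead of propagated
        if (weak_q === 1'bx) $display("FAIL: u_weak.locked is X after reset");
        if (hard_q === 1'b0) $display("PASS: u_hard.locked is 0 after reset");
        $finish;
    end
endmodule
```

The same X check scales to a full design when written as an assertion over every register that holds a security setting, sampled on the first clock after reset deassertion.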

CVE References