CWE-1291 – Public Key Re-Use for Signing both Debug and Production Code

Description

The same public key is used for signing both debug and production code.

Modes of Introduction:

– Implementation

 

 

Related Weaknesses

CWE-693
CWE-321

 

Consequences

Scope: Confidentiality, Integrity, Availability, Access Control, Accountability, Authentication, Authorization, Non-Repudiation, Other

Impact: Read Memory, Modify Memory, Execute Unauthorized Code or Commands, Gain Privileges or Assume Identity, Varies by Context

 

Potential Mitigations

Phase: Implementation

Description: Use different keys for Production and Debug.
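One way to check for this weakness in a release pipeline is to fingerprint the public key behind every signed image and flag any key that appears on both debug and production builds. The following is an added example, not part of the CWE entry; the manifest layout, field names, image names and key bytes are all constructed assumptions.

```python
import hashlib
from collections import defaultdict


def fingerprint(public_key_bytes: bytes) -> str:
    """SHA-256 fingerprint of an encoded public key (e.g. DER SubjectPublicKeyInfo)."""
    return hashlib.sha256(public_key_bytes).hexdigest()


def find_reused_keys(manifest):
    """Return {fingerprint: {"debug": [...], "production": [...]}} for every key
    that signs at least one debug image and at least one production image."""
    usage = defaultdict(lambda: defaultdict(list))
    for entry in manifest:
        build = entry["build"].lower()
        if build not in ("debug", "production"):
            # Fail closed: an unlabelled image must not slip past the audit.
            raise ValueError(f"unknown build type for {entry['image']}: {entry['build']}")
        usage[fingerprint(entry["public_key"])][build].append(entry["image"])
    return {
        fp: {b: sorted(images) for b, images in builds.items()}
        for fp, builds in usage.items()
        if builds["debug"] and builds["production"]
    }


# Constructed sample: placeholder byte strings stand in for real encoded keys.
KEY_A = b"constructed-public-key-A"
KEY_B = b"constructed-public-key-B"
SAMPLE_MANIFEST = [
    {"image": "bootloader-dbg.bin", "build": "debug", "public_key": KEY_A},
    {"image": "bootloader-rel.bin", "build": "production", "public_key": KEY_A},
    {"image": "app-rel.bin", "build": "production", "public_key": KEY_B},
]

if __name__ == "__main__":
    for fp, builds in find_reused_keys(SAMPLE_MANIFEST).items():
        print(f"key {fp[:16]}... signs debug {builds['debug']} "
              f"and production {builds['production']}")
```

Run as a gate before release, a non-empty result means the debug and production signing keys have not been separated.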

CVE References