Description
The product does not adequately protect confidential information on the device from being accessed by Outsourced Semiconductor Assembly and Test (OSAT) vendors.
Modes of Introduction:
– Implementation
Related Weaknesses
Consequences
Confidentiality, Integrity, Access Control, Authentication, Authorization, Availability, Accountability, Non-Repudiation: Gain Privileges or Assume Identity, Bypass Protection Mechanism, Execute Unauthorized Code or Commands, Modify Memory, Modify Files or Directories
The impact depends on the confidential information itself and who is inadvertently granted access. For example, if the confidential information is a key that can unlock all the parts of a generation, the impact could be severe.
Potential Mitigations
Phase: Architecture and Design
Effectiveness: Moderate
Description: