Tag Archives: CWE- 1301

CWE-1301 – Insufficient or Incomplete Data Removal within Hardware Component

Read Time:23 Second

Description

The product’s data removal process does not completely delete all data and potentially sensitive information within hardware components.

Modes of Introduction:

– Implementation

 

 

Related Weaknesses

CWE-226

 

Consequences

Confidentiality: Read Memory, Read Application Data

 

Potential Mitigations

Phase: Architecture and Design

Description: 

Apply blinding or masking techniques to implementations of cryptographic algorithms.

Phase: Implementation

Description: 

Alter the method of erasure, add protection of media, or destroy the media to protect the data.

CVE References