Tag Archives: Insecure Security Identifier Mechanism

CWE-1294 – Insecure Security Identifier Mechanism

Read Time:33 Second

Description

The System-on-Chip (SoC) implements a Security Identifier mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Identifiers are not correctly implemented.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-284

 

Consequences

Confidentiality, Integrity, Availability, Access Control: Modify Memory, Read Memory, DoS: Resource Consumption (Other), Execute Unauthorized Code or Commands, Gain Privileges or Assume Identity, Quality Degradation

 

Potential Mitigations

Phase: Architecture and Design

Description: 

Security Identifier Decoders must be reviewed for design inconsistency and common weaknesses.

Phase: Implementation

Description: 

Access and programming flows must be tested in pre-silicon and post-silicon testing.

CVE References