CWE-1302 – Missing Security Identifier

Description

The product implements a security identifier mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. A transaction is sent without a security identifier.
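
The weakness described above, modelled at the destination agent in C as an added example (not code from the original page or from CWE): `check_weak` lets a transaction with no identifier fall through to allow, while `check_hardened` rejects it. The `txn_t` and `policy_t` layouts, the per-SID bitmask policy and the sample transactions are assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of a transaction as seen by the destination agent. */
typedef struct {
    bool    sid_valid; /* false: the source sent no security identifier */
    uint8_t sid;       /* meaningful only when sid_valid is true */
    bool    is_write;
} txn_t;

/* Hypothetical policy: bit n set means SID n (0..7) may read / write. */
typedef struct { uint8_t read_allow, write_allow; } policy_t;

static bool sid_permitted(const policy_t *p, const txn_t *t) {
    uint8_t mask = t->is_write ? p->write_allow : p->read_allow;
    return t->sid < 8 && ((mask >> t->sid) & 1u);
}

/* Weak: only identified transactions are checked; no identifier means allow. */
bool check_weak(const policy_t *p, const txn_t *t) {
    if (t->sid_valid && !sid_permitted(p, t)) return false;
    return true;
}

/* Hardened: a missing identifier is rejected before the policy lookup. */
bool check_hardened(const policy_t *p, const txn_t *t) {
    return t->sid_valid && sid_permitted(p, t);
}

/* Constructed sample: SID 1 may read and write, SID 2 may only read. */
static const policy_t SAMPLE_POLICY = { 0x06, 0x02 };
static const txn_t SAMPLE_TXNS[] = {
    { true, 1, true }, { true, 2, true },   /* identified writes */
    { false, 0, true }, { false, 0, false } /* no identifier: write, read */
};

/* Test helper: how many identifier-less sample transactions are granted. */
size_t unidentified_grants(bool (*check)(const policy_t *, const txn_t *)) {
    size_t n = 0;
    for (size_t i = 0; i < sizeof SAMPLE_TXNS / sizeof SAMPLE_TXNS[0]; i++)
        if (!SAMPLE_TXNS[i].sid_valid && check(&SAMPLE_POLICY, &SAMPLE_TXNS[i])) n++;
    return n;
}

int main(void) {
    printf("weak=%zu hardened=%zu\n", unidentified_grants(check_weak), unidentified_grants(check_hardened));
    return 0;
}
```

A pre-silicon testbench can apply the same idea: drive transactions with the identifier absent and assert that none are granted.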

Modes of Introduction:

– Architecture and Design

Related Weaknesses

CWE-1294

Consequences

Confidentiality, Integrity, Availability, Access Control: Modify Memory; Read Memory; DoS: Crash, Exit, or Restart; Bypass Protection Mechanism; Execute Unauthorized Code or Commands

Potential Mitigations

Phase: Architecture and Design

Description: Transaction details must be reviewed for design inconsistency and common weaknesses.

Phase: Implementation

Description: Security identifier definition and programming flow must be tested in pre-silicon and post-silicon testing.

CVE References