CWE-1242β€”Inclusion of Undocumented Features or Chicken Bits

PUBLISHEDweakness record
released 2020-02-24 Β· last modified 2025-12-11

Metadata

CWE ID:
CWE-1242
Abstraction:
Base
Structure:
Simple
Status:
Incomplete
Release Date:
2020-02-24
Latest Modification Date:
2025-12-11

Weakness Name

Inclusion of Undocumented Features or Chicken Bits

Description

The device includes chicken bits or undocumented features that can create entry points for unauthorized actors.

A common design practice is to use undocumented bits on a device that can be used to disable certain functional security features. These bits are commonly referred to as "chicken bits". They can facilitate quick identification and isolation of faulty components, features that negatively affect performance, or features that do not provide the required controllability for debug and test. Another way to achieve this is through implementation of undocumented features.

Common Consequences

Scope:
Confidentiality, Integrity, Availability, Access Control
Impact:
Modify Memory, Read Memory, Execute Unauthorized Code or Commands, Gain Privileges or Assume Identity, Bypass Protection Mechanism
Notes:
An attacker might exploit these interfaces for unauthorized access.

Related Weaknesses