CWE-1243Sensitive Non-Volatile Information Not Protected During Debug

PUBLISHEDweakness record
released 2020-02-24 · last modified 2025-12-11

Metadata

CWE ID:
CWE-1243
摘要:
Base
结构:
Simple
状态:
Incomplete
发布日期:
2020-02-24
更新日期:
2025-12-11

名称

Sensitive Non-Volatile Information Not Protected During Debug

描述

Access to security-sensitive information stored in fuses is not limited during debug.

Several security-sensitive values are programmed into fuses to be used during early-boot flows or later at runtime. Examples of these security-sensitive values include root keys, encryption keys, manufacturing-specific information, chip-manufacturer-specific information, and original-equipment-manufacturer (OEM) data. After the chip is powered on, these values are sensed from fuses and stored in temporary locations such as registers and local memories. These locations are typically access-control protected from untrusted agents capable of accessing them. Even to trusted agents, only read-access is provided.

常见后果

范围:
Confidentiality, Access Control
影响:
Modify Memory, Read Memory, Bypass Protection Mechanism
注释:
If these locations are not blocked during debug operations, it can allow a user to access this sensitive information.

相关 CWE