CWE-1255β€”Comparison Logic is Vulnerable to Power Side-Channel Attacks

PUBLISHEDweakness record
released 2020-08-20 Β· last modified 2025-12-11

Metadata

CWE ID:
CWE-1255
Abstraction:
Variant
Structure:
Simple
Status:
Draft
Release Date:
2020-08-20
Latest Modification Date:
2025-12-11

Weakness Name

Comparison Logic is Vulnerable to Power Side-Channel Attacks

Description

A device's real time power consumption may be monitored during security token evaluation and the information gleaned may be used to determine the value of the reference token.

The power consumed by a device may be instrumented and monitored in real time. If the algorithm for evaluating security tokens is not sufficiently robust, the power consumption may vary by token entry comparison against the reference value. Further, if retries are unlimited, the power difference between a "good" entry and a "bad" entry may be observed and used to determine whether each entry itself is correct thereby allowing unauthorized parties to calculate the reference value.

Common Consequences

Scope:
Confidentiality, Integrity, Availability, Access Control, Accountability, Authentication, Authorization, Non-Repudiation
Impact:
Modify Memory, Read Memory, Read Files or Directories, Modify Files or Directories, Execute Unauthorized Code or Commands, Gain Privileges or Assume Identity, Bypass Protection Mechanism, Read Application Data, Modify Application Data, Hide Activities
Notes:
As compromising a security token may result in complete system control, the impacts are relatively universal.

Related Weaknesses