CWE-1258Exposure of Sensitive System Information Due to Uncleared Debug Information

PUBLISHEDweakness record
released 2020-02-24 · last modified 2025-12-11

Metadata

CWE ID:
CWE-1258
摘要:
Base
结构:
Simple
状态:
Draft
发布日期:
2020-02-24
更新日期:
2025-12-11

名称

Exposure of Sensitive System Information Due to Uncleared Debug Information

描述

The hardware does not fully clear security-sensitive values, such as keys and intermediate values in cryptographic operations, when debug mode is entered.

Security sensitive values, keys, intermediate steps of cryptographic operations, etc. are stored in temporary registers in the hardware. If these values are not cleared when debug mode is entered they may be accessed by a debugger allowing sensitive information to be accessible by untrusted parties.

常见后果

范围:
Confidentiality
影响:
Read Memory
范围:
Access Control
影响:
Bypass Protection Mechanism

相关 CWE