CWE-1271 - Uninitialized Value on Reset for Registers Holding Security Settings
- Abstraction:Base
- Structure:Simple
- Status:Incomplete
- Release Date:2020-02-24
- Latest Modification Date:2023-06-29
Weakness Name
Uninitialized Value on Reset for Registers Holding Security Settings
Description
Security-critical logic is not set to a known value on reset.
When the device is first brought out of reset, the state of registers will be indeterminate if they have not been initialized by the logic. Before the registers are initialized, there will be a window during which the device is in an insecure state and may be vulnerable to attack.
Common Consequences
Scope: Access Control, Authentication, Authorization
Impact: Varies by Context