CWE-1431 - Driving Intermediate Cryptographic State/Results to Hardware Module Outputs

CWE ID:

CWE-1431

Abstraction:Base
Structure:Simple
Status:Incomplete

Release Date:2025-04-03
Latest Modification Date:2025-04-03

Weakness Name

Driving Intermediate Cryptographic State/Results to Hardware Module Outputs

Description

The product uses a hardware module implementing a cryptographic algorithm that writes sensitive information about the intermediate state or results of its cryptographic operations via one of its output wires (typically the output port containing the final result).

Common Consequences

Scope: Confidentiality

Impact: Read Memory, Read Application Data

Notes: Mathematically sound cryptographic algorithms rely on their correct implementation for security. These assumptions might break when a hardware crypto module leaks intermediate encryption states or results such that they can be observed by an adversary. If intermediate state is observed, it might be possible for an attacker to identify the secrets used in the cryptographic operation.

Related Weaknesses

CWE-200Exposure of Sensitive Information to an Unauthorized ActorHigh

CWE-497Exposure of Sensitive System Information to an Unauthorized Control Sphere