CWE-1243

Sensitive Non-Volatile Information Not Protected During Debug

Abstraction: Base
Status: Incomplete

Description

Access to security-sensitive information stored in fuses is not limited during debug.

Several security-sensitive values are programmed into fuses to be used during early-boot flows or later at runtime. Examples of these security-sensitive values include root keys, encryption keys, manufacturing-specific information, chip-manufacturer-specific information, and original-equipment-manufacturer (OEM) data. After the chip is powered on, these values are sensed from fuses and stored in temporary locations such as registers and local memories. These locations are typically access-control protected from untrusted agents capable of accessing them. Even to trusted agents, only read-access is provided.

Common Consequences

Scope: Confidentiality, Access Control

Impact: Modify Memory, Read Memory, Bypass Protection Mechanism

Potential Mitigations

Phases: Architecture and Design, Implementation

Disable access to security-sensitive information stored in fuses directly and also reflected from temporary storage locations when in debug mode.
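The weakness and the mitigation side by side, as a behavioural C model added here for illustration (it is not part of the CWE entry). The agent types, the `soc_t` layout, the function names and the fuse values are all constructed; the hardened policy assumes that debug mode closes fuse reads for every agent, on both the fuse array and its shadow registers.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define N_FUSE_WORDS 4
/* Hypothetical bus requesters and read sources for this model. */
typedef enum { AGENT_UNTRUSTED, AGENT_TRUSTED, AGENT_DEBUGGER } agent_t;
typedef enum { SRC_FUSE_ARRAY, SRC_SHADOW_REG } source_t;

typedef struct {
    uint32_t fuse_array[N_FUSE_WORDS]; /* non-volatile fuse values */
    uint32_t shadow[N_FUSE_WORDS];     /* temporary copy sensed at power-on */
    bool     debug_mode;               /* debug interface is active */
} soc_t;

/* Power-on flow: fuse values are sensed into the shadow registers. */
void soc_power_on(soc_t *s, const uint32_t fuses[N_FUSE_WORDS], bool debug_mode) {
    for (size_t i = 0; i < N_FUSE_WORDS; i++) {
        s->fuse_array[i] = fuses[i];
        s->shadow[i] = fuses[i];
    }
    s->debug_mode = debug_mode;
}

static uint32_t fetch(const soc_t *s, source_t src, size_t idx) { return src == SRC_FUSE_ARRAY ? s->fuse_array[idx] : s->shadow[idx]; }

/* Weak: access control is enforced only while debug mode is off. */
bool read_weak(const soc_t *s, agent_t who, source_t src, size_t idx, uint32_t *out) {
    if (idx >= N_FUSE_WORDS) return false;
    if (!s->debug_mode && who != AGENT_TRUSTED) return false;
    *out = fetch(s, src, idx);
    return true;
}

/* Hardened: debug mode denies reads of the fuses and of their shadow copy. */
bool read_hardened(const soc_t *s, agent_t who, source_t src, size_t idx, uint32_t *out) {
    if (idx >= N_FUSE_WORDS) return false;
    if (s->debug_mode || who != AGENT_TRUSTED) return false;
    *out = fetch(s, src, idx);
    return true;
}

int main(void) {
    const uint32_t fuses[N_FUSE_WORDS] = {0x11111111u, 0x22222222u, 0x33333333u, 0x44444444u}; /* constructed */
    soc_t s; uint32_t v = 0;
    soc_power_on(&s, fuses, true); /* boot with debug mode on */
    printf("weak:     %s\n", read_weak(&s, AGENT_DEBUGGER, SRC_SHADOW_REG, 0, &v) ? "exposed" : "denied");
    printf("hardened: %s\n", read_hardened(&s, AGENT_DEBUGGER, SRC_SHADOW_REG, 0, &v) ? "exposed" : "denied");
}
```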

Applicable Platforms

Not Language-Specific
