CWE-1258
Exposure of Sensitive System Information Due to Uncleared Debug Information
Description
The hardware does not fully clear security-sensitive values, such as keys and intermediate values in cryptographic operations, when debug mode is entered.
{"xhtml:p":["Security sensitive values, keys, intermediate steps of cryptographic operations, etc. are stored in temporary registers in the hardware. If these values are not cleared when debug mode is entered they may be accessed by a debugger allowing sensitive information to be accessible by untrusted parties."]}
Parent Weaknesses (ChildOf)
Common Consequences
Scope
Impact
Read Memory
Scope
Impact
Bypass Protection Mechanism
Potential Mitigations
Whenever debug mode is enabled, all registers containing sensitive assets must be cleared.
CVE-2021-33080Uncleared debug information in memory accelerator for SSD product exposes sensitive system information
CVE-2022-31162Rust library leaks Oauth client details in application debug logs
Applicable Platforms
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now