CWE-1271

Uninitialized Value on Reset for Registers Holding Security Settings

Base
Incomplete

Description

Security-critical logic is not set to a known value on reset.

When the device is first brought out of reset, the state of registers will be indeterminate if they have not been initialized by the logic. Before the registers are initialized, there will be a window during which the device is in an insecure state and may be vulnerable to attack.

Common Consequences

Scope: Access Control, Authentication, Authorization

Impact: Varies by Context

Potential Mitigations

Implementation

Design checks should be performed to identify any uninitialized flip-flops used for security-critical functions.

Architecture and Design

All registers holding security-critical information should be set to a specific value on reset.
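
The two mitigations above, shown as an added example that is not part of the CWE entry: a debug-enable register without and with a reset value, plus a small simulation check that flags the uninitialized flip-flop. All module, port and signal names are hypothetical, and the example assumes that 0 (debug disabled) is the secure default for this register.

```verilog
// Constructed example; module, port and signal names are hypothetical.
// Weak: no reset branch, so debug_en_q is X in simulation and
// indeterminate in silicon until firmware first writes it.
module dbg_en_weak (
    input  wire clk,
    input  wire wr_en,
    input  wire wr_data,
    output reg  debug_en_q          // 1 = debug access enabled
);
    always @(posedge clk)
        if (wr_en) debug_en_q <= wr_data;
endmodule

// Corrected: asynchronous active-low reset forces a known value.
// Assumption: 0 (debug disabled) is the secure default.
module dbg_en_fixed (
    input  wire clk,
    input  wire rst_n,
    input  wire wr_en,
    input  wire wr_data,
    output reg  debug_en_q
);
    always @(posedge clk or negedge rst_n)
        if (!rst_n)     debug_en_q <= 1'b0;
        else if (wr_en) debug_en_q <= wr_data;
endmodule

// Design check: after reset is released and before any write,
// a security-critical register must hold its defined reset value.
module tb;
    reg  clk = 0, rst_n = 0, wr_en = 0, wr_data = 0;
    wire weak_q, fixed_q;

    dbg_en_weak  u_weak  (.clk(clk), .wr_en(wr_en), .wr_data(wr_data),
                          .debug_en_q(weak_q));
    dbg_en_fixed u_fixed (.clk(clk), .rst_n(rst_n), .wr_en(wr_en),
                          .wr_data(wr_data), .debug_en_q(fixed_q));

    always #5 clk = ~clk;

    initial begin
        #12 rst_n = 1;              // release reset
        @(posedge clk); #1;
        if (weak_q  === 1'bx) $display("CHECK FAILED: u_weak.debug_en_q is X after reset");
        if (fixed_q !== 1'b0) $display("CHECK FAILED: u_fixed.debug_en_q is not 0 after reset");
        $finish;
    end
endmodule
```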

Applicable Platforms

Not Language-Specific
