CWE-1258 Detail

CWE-1258

Name

Exposure of Sensitive System Information Due to Uncleared Debug Information

Status

Draft

Published

2020-02-24
00h00 +00:00

Modified

2024-07-16
00h00 +00:00

Official links

CWE Mitre.org

Notifications for a CWE

Stay informed of any changes for a specific CWE.

Notifications manage

List of Notifications

Notifications for a CWE

Stay informed of any changes for a specific CWE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

Specify the CWE ID you wish to monitor.

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

Name: Exposure of Sensitive System Information Due to Uncleared Debug Information

The hardware does not fully clear security-sensitive values, such as keys and intermediate values in cryptographic operations, when debug mode is entered.

CWE Description

Security sensitive values, keys, intermediate steps of cryptographic operations, etc. are stored in temporary registers in the hardware. If these values are not cleared when debug mode is entered they may be accessed by a debugger allowing sensitive information to be accessible by untrusted parties.

General Informations

Modes Of Introduction

Architecture and Design
Implementation

Applicable Platforms

Language

Class: Not Language-Specific (Undetermined)

Operating Systems

Class: Not OS-Specific (Undetermined)

Architectures

Class: Not Architecture-Specific (Undetermined)

Technologies

Class: Not Technology-Specific (Undetermined)

Common Consequences

Scope	Impact	Likelihood
Confidentiality	Read Memory
Access Control	Bypass Protection Mechanism

Observed Examples

References	Description
CVE-2021-33080	Uncleared debug information in memory accelerator for SSD product exposes sensitive system information
CVE-2022-31162	Rust library leaks Oauth client details in application debug logs

Potential Mitigations

Phases : Architecture and Design

Whenever debug mode is enabled, all registers containing sensitive assets must be cleared.

Vulnerability Mapping Notes

Justification : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Comment : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

Related Attack Patterns

CAPEC-ID	Attack Pattern Name
CAPEC-150	Collect Data from Common Resource Locations An adversary exploits well-known locations for resources for the purposes of undermining the security of the target. In many, if not most systems, files and resources are organized in a default tree structure. This can be useful for adversaries because they often know where to look for resources or files that are necessary for attacks. Even when the precise location of a targeted resource may not be known, naming conventions may indicate a small area of the target machine's file tree where the resources are typically located. For example, configuration files are normally stored in the /etc director on Unix systems. Adversaries can take advantage of this to commit other types of attacks.
CAPEC-204	Lifting Sensitive Data Embedded in Cache An adversary examines a target application's cache, or a browser cache, for sensitive information. Many applications that communicate with remote entities or which perform intensive calculations utilize caches to improve efficiency. However, if the application computes or receives sensitive information and the cache is not appropriately protected, an attacker can browse the cache and retrieve this information. This can result in the disclosure of sensitive information.
CAPEC-37	Retrieve Embedded Sensitive Data An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack.
CAPEC-545	Pull Data from System Resources An adversary who is authorized or has the ability to search known system resources, does so with the intention of gathering useful information. System resources include files, memory, and other aspects of the target system. In this pattern of attack, the adversary does not necessarily know what they are going to find when they start pulling data. This is different than CAPEC-150 where the adversary knows what they are looking for due to the common location.

References

REF-1435

Bad Code aes1_wrapper.sv
https://github.com/HACK-EVENT/hackatdac21/blob/bcae7aba7f9daee8ad2cfd47b997ac7ad6611034/piton/design/chip/tile/ariane/src/aes1/aes1_wrapper.sv#L149:L155

REF-1436

Good Code aes1_wrapper.sv
https://github.com/HACK-EVENT/hackatdac21/blob/e3234bb15f07f213de08ec91a9ec08d2a16b5714/piton/design/chip/tile/ariane/src/aes1/aes1_wrapper.sv#L149:L155

Submission

Name	Organization	Date	Date release	Version
Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi	Intel Corporation	2020-02-12 +00:00	2020-02-24 +00:00	4.1

Modifications

Name	Organization	Date	Comment
CWE Content Team	MITRE	2020-08-20 +00:00	updated Demonstrative_Examples, Description, Name, Related_Attack_Patterns, Relationships
CWE Content Team	MITRE	2023-04-27 +00:00	updated Relationships
CWE Content Team	MITRE	2023-06-29 +00:00	updated Mapping_Notes
CWE Content Team	MITRE	2023-10-26 +00:00	updated Observed_Examples
CWE Content Team	MITRE	2024-07-16 +00:00	updated Demonstrative_Examples, References