CWE-1271: Uninitialized Value on Reset for Registers Holding Security Settings

Base Incomplete Simple

CWE版本: 4.18

更新日期: 2025-09-09

弱点描述

Security-critical logic is not set to a known value on reset.

常见后果

影响范围: Access Control Authentication Authorization

技术影响: Varies by Context

潜在缓解措施

阶段: Implementation

描述: Design checks should be performed to identify any uninitialized flip-flops used for security-critical functions.

阶段: Architecture and Design

描述: All registers holding security-critical information should be set to a specific value on reset.

引入模式

阶段 说明
Implementation -

适用平台

编程语言
Not Language-Specific (Undetermined)
操作系统
Not OS-Specific (Undetermined)
技术
Not Technology-Specific (Undetermined)
关键信息

CWE ID: CWE-1271

抽象级别: Base

结构: Simple

状态: Incomplete

相关弱点
ChildOf CWE-909

Missing Initialization of Resource

Class
相关攻击模式
CAPEC-74
返回列表