CWE-1273: Device Unlock Credential Sharing
CWE Version: 4.18
Updated: 2025-09-09
Description
The credentials necessary for unlocking a device are shared across multiple parties and may expose sensitive information.
Common Consequences
Scope: Confidentiality, Integrity, Availability, Access Control, Accountability, Authentication, Authorization, Non-Repudiation
Technical Impact: Modify Memory; Read Memory; Modify Files or Directories; Read Files or Directories; Modify Application Data; Execute Unauthorized Code or Commands; Gain Privileges or Assume Identity; Bypass Protection Mechanism
Note: Once unlock credentials are compromised, an attacker can use the credentials to unlock the device and gain unauthorized access to the hidden functionalities protected by those credentials.
Potential Mitigations
Phase: Integration
Description: Ensure the unlock credentials are shared with the minimum number of parties and with utmost secrecy. To limit the risk associated with compromised credentials, where possible, the credentials should be part-specific.
Phase: Manufacturing
Description: Ensure the unlock credentials are shared with the minimum number of parties and with utmost secrecy. To limit the risk associated with compromised credentials, where possible, the credentials should be part-specific.
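An added example (not part of the CWE entry) of the part-specific mitigation above: each part's unlock credential is derived from a root key and the part's ID, and the result is compared with a fleet that shares one credential when a single part's credential leaks. The root key, context label, part IDs and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample values. In production the root key would live in an HSM
# at the provisioning site and never be handed to integrators.
ROOT_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
SHARED_CREDENTIAL = hashlib.sha256(b"one-credential-for-every-part").digest()
CONTEXT = b"debug-unlock-v1"  # hypothetical domain-separation label


def derive_unlock_credential(root_key, part_id):
    """Per-part credential: HMAC-SHA256(root_key, context || len(part_id) || part_id)."""
    if not part_id:
        raise ValueError("part_id must be non-empty")
    # The length prefix keeps the encoding unambiguous if more fields are added.
    msg = CONTEXT + len(part_id).to_bytes(2, "big") + part_id
    return hmac.new(root_key, msg, hashlib.sha256).digest()


def device_check(stored_credential, presented):
    """Device-side comparison of the fused credential, in constant time."""
    return hmac.compare_digest(stored_credential, presented)


def blast_radius(fleet, provision, leaked_part):
    """Report which parts accept the credential that leaked from leaked_part.

    provision maps a part ID to the credential fused into that part.
    """
    leaked = provision(leaked_part)
    return {part: device_check(provision(part), leaked) for part in fleet}


if __name__ == "__main__":
    fleet = [b"PART-0001", b"PART-0002", b"PART-0003"]  # constructed part IDs
    schemes = {
        "shared": lambda part: SHARED_CREDENTIAL,
        "part-specific": lambda part: derive_unlock_credential(ROOT_KEY, part),
    }
    for name, provision in schemes.items():
        exposed = blast_radius(fleet, provision, b"PART-0002")
        print(name, sorted(p.decode() for p, ok in exposed.items() if ok))
```

Derivation narrows what a leaked credential exposes, but the root key then becomes the shared secret, so it still needs to stay with the minimum number of parties.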
Modes of Introduction
| Phase | Note |
|---|---|
| Integration | - |
| Manufacturing | - |