CWE-1291: Public Key Re-Use for Signing both Debug and Production Code
CWE version: 4.18
Last updated: 2025-09-09
Weakness description
The same public key is used for signing both debug and production code.
Common consequences
Scope: Confidentiality, Integrity, Availability, Access Control, Accountability, Authentication, Authorization, Non-Repudiation, Other
Technical impact: Read Memory; Modify Memory; Execute Unauthorized Code or Commands; Gain Privileges or Assume Identity; Varies by Context
Potential mitigations
Phase: Implementation
Description: Use different keys for Production and Debug
Detection methods
Method: Architecture or Design Review
Effectiveness: High
Method: Dynamic Analysis with Manual Results Interpretation
Effectiveness: High
Modes of introduction
| Phase | Note |
|---|---|
| Implementation | - |