CWE-1431: Driving Intermediate Cryptographic State/Results to Hardware Module Outputs

Base Incomplete Simple

CWE版本: 4.18

更新日期: 2025-09-09

弱点描述

The product uses a hardware module implementing a cryptographic algorithm that writes sensitive information about the intermediate state or results of its cryptographic operations via one of its output wires (typically the output port containing the final result).

常见后果

影响范围: Confidentiality

技术影响: Read Memory Read Application Data

潜在缓解措施

阶段: Architecture and Design

有效性: High

阶段: Implementation

有效性: High

检测方法

方法: Automated Static Analysis - Source Code

有效性: High

方法: Simulation / Emulation

有效性: High

方法: Formal Verification

有效性: High

方法: Manual Analysis

有效性: Opportunistic

引入模式

阶段 说明
Implementation -

适用平台

编程语言
Not Language-Specific (Undetermined)
技术
System on Chip (Undetermined)
关键信息

CWE ID: CWE-1431

抽象级别: Base

结构: Simple

状态: Incomplete

相关弱点
ChildOf CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Class
PeerOf CWE-497

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Base
返回列表