CWE-1243: Sensitive Non-Volatile Information Not Protected During Debug

Access to security-sensitive information stored in fuses is not limited during debug.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Base

Abstraction

MITRE classification

Overview

Several security-sensitive values are programmed into fuses to be used during early-boot flows or later at runtime. Examples of these security-sensitive values include root keys, encryption keys, manufacturing-specific information, chip-manufacturer-specific information, and original-equipment-manufacturer (OEM) data. After the chip is powered on, these values are sensed from fuses and stored in temporary locations such as registers and local memories. These locations are typically access-control protected from untrusted agents capable of accessing them. Even to trusted agents, only read-access is provided.

CWE-1243: Sensitive Non-Volatile Information Not Protected During Debug

Overview

Common consequences

How it happens

When it is introduced

How to prevent it

Code examples

Attack patterns

Frequently asked questions

What is CWE-1243?

How do you prevent CWE-1243?

What are the consequences of CWE-1243?

References

Stay ahead of CWE-1243

Overview

Common consequences

How it happens

When it is introduced

How to prevent it

Code examples

Related weaknesses

Parent

Attack patterns

Frequently asked questions

What is CWE-1243?

How do you prevent CWE-1243?

What are the consequences of CWE-1243?

References

Stay ahead of CWE-1243