CWE-1255: Comparison Logic is Vulnerable to Power Side-Channel Attacks
A device's real time power consumption may be monitored during security token evaluation and the information gleaned may be used to determine the value of the reference token.
Last updated
Overview
The power consumed by a device may be instrumented and monitored in real time. If the algorithm for evaluating security tokens is not sufficiently robust, the power consumption may vary by token entry comparison against the reference value. Further, if retries are unlimited, the power difference between a "good" entry and a "bad" entry may be observed and used to determine whether each entry itself is correct thereby allowing unauthorized parties to calculate the reference value.
Real-world CVEs
3 recorded CVEs are caused by CWE-1255 (Comparison Logic is Vulnerable to Power Side-Channel Attacks). The highest-severity and most recent are shown first. 0 new CWE-1255 CVEs have been recorded so far in 2026 (1 in 2025).