CWE-1271: Uninitialized Value on Reset for Registers Holding Security Settings

CWE-1271: Uninitialized Value on Reset for Registers Holding Security Settings | RadicalNotion.AI

Code examples

Illustrative examples from MITRE showing how the weakness appears in code.

Shown below is a positive clock edge triggered flip-flop used to implement a lock bit for test and debug interface. When the circuit is first brought out of reset, the state of the flip-flop will be unknown until the enable input and D-input signals update the flip-flop state. In this example, an attacker can reset the device until the test and debug interface is unlocked and access the test interface until the lock signal is driven to a known state by the logic.

Vulnerable example

verilog

if (en) lock_jtag <= d;

Safe example

verilog

if (~reset) lock_jtag <= 0;

The flip-flop can be set to a known value (0 or 1) on reset, but requires that the logic explicitly update the output of the flip-flop if the reset signal is active.

CWE-1271: Uninitialized Value on Reset for Registers Holding Security Settings

Overview

Common consequences

How it happens

When it is introduced

How to prevent it

Code examples

Attack patterns

Frequently asked questions

What is CWE-1271?

How do you prevent CWE-1271?

What are the consequences of CWE-1271?

References

Stay ahead of CWE-1271

Overview

Common consequences

How it happens

When it is introduced

How to prevent it

Code examples

Related weaknesses

Parent

Peer

Attack patterns

Frequently asked questions

What is CWE-1271?

How do you prevent CWE-1271?

What are the consequences of CWE-1271?

References

Stay ahead of CWE-1271