CWE-1279: Cryptographic Operations are run Before Supporting Units are Ready
Performing cryptographic operations without ensuring that the supporting inputs are ready to supply valid data may compromise the cryptographic result.
Last updated
Overview
Many cryptographic hardware units depend upon other hardware units to supply information to them to produce a securely encrypted result. For example, a cryptographic unit that depends on an external random-number-generator (RNG) unit for entropy must wait until the RNG unit is producing random numbers. If a cryptographic unit retrieves a private encryption key from a fuse unit, the fuse unit must be up and running before a key may be supplied.
Real-world CVEs
1 recorded CVEs are caused by CWE-1279 (Cryptographic Operations are run Before Supporting Units are Ready). The highest-severity and most recent are shown first.
Common consequences
What can happen when CWE-1279 is exploited.
Varies by Context
Affects: Access Control, Confidentiality, Integrity, Availability, Accountability, Authentication, Authorization, Non-Repudiation
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.
Applies to
Languages
Technologies
How to prevent it
Practical mitigations for CWE-1279, grouped by where in the lifecycle they apply.
Best practices should be used to design cryptographic systems.
Continuously ensuring that cryptographic inputs are supplying valid information is necessary to ensure that the encrypted output is secure.
Code examples
Illustrative examples from MITRE showing how the weakness appears in code.
The following pseudocode illustrates the weak encryption resulting from the use of a pseudo-random-number generator output.
In the example above, first a check of RNG ready is performed. If the check fails, the RNG is ignored and a hard coded value is used instead. The hard coded value severely weakens the encrypted output.
Attack patterns
CAPEC attack patterns that exploit this weakness.
Frequently asked questions
Common questions about CWE-1279.
- What is CWE-1279?
- Performing cryptographic operations without ensuring that the supporting inputs are ready to supply valid data may compromise the cryptographic result.
- What CVEs are caused by CWE-1279?
- 1 recorded CVEs are attributed to CWE-1279, including CVE-2023-4489.
- How do you prevent CWE-1279?
- Best practices should be used to design cryptographic systems.
- What are the consequences of CWE-1279?
- Exploiting CWE-1279 can lead to: Varies by Context.
- Is CWE-1279 actively exploited?
- 1 recorded CVEs are caused by CWE-1279; none are currently in CISA's KEV catalog of actively exploited flaws.
References
- MITRE CWE definition (CWE-1279) (opens in a new tab)
- CWE-1279 vulnerabilities on NVD (opens in a new tab)
- Learn: What is a CWE?
Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.
Stay ahead of CWE-1279
Get alerted the moment a new CWE-1279 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.