Base weakness

Incomplete

CWE-1279: Cryptographic Operations are run Before Supporting Units are Ready

Performing cryptographic operations without ensuring that the supporting inputs are ready to supply valid data may compromise the cryptographic result.

Last updated May 1, 2026

1

Recorded CVEs

With this primary weakness

0

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Base

Abstraction

MITRE classification

Overview

Many cryptographic hardware units depend upon other hardware units to supply information to them to produce a securely encrypted result. For example, a cryptographic unit that depends on an external random-number-generator (RNG) unit for entropy must wait until the RNG unit is producing random numbers. If a cryptographic unit retrieves a private encryption key from a fuse unit, the fuse unit must be up and running before a key may be supplied.

Real-world CVEs

1 recorded CVEs are caused by CWE-1279 (Cryptographic Operations are run Before Supporting Units are Ready). The highest-severity and most recent are shown first.

CVE-2023-4489
Medium · CVSS 6.4 · EPSS 72th
2023-12-14

Common consequences

What can happen when CWE-1279 is exploited.

Varies by Context

Affects: Access Control, Confidentiality, Integrity, Availability, Accountability, Authentication, Authorization, Non-Repudiation

How it happens

When it is introduced

Typically introduced during these phases of the software lifecycle.

Architecture and Design

Implementation

Applies to

Languages

Verilog

VHDL

Technologies

Processor Hardware

How to prevent it

Practical mitigations for CWE-1279, grouped by where in the lifecycle they apply.

Architecture and Design

Best practices should be used to design cryptographic systems.

Implementation

Continuously ensuring that cryptographic inputs are supplying valid information is necessary to ensure that the encrypted output is secure.

Code examples

Illustrative examples from MITRE showing how the weakness appears in code.

The following pseudocode illustrates the weak encryption resulting from the use of a pseudo-random-number generator output.

In the example above, first a check of RNG ready is performed. If the check fails, the RNG is ignored and a hard coded value is used instead. The hard coded value severely weakens the encrypted output.

Attack patterns

CAPEC attack patterns that exploit this weakness.

CAPEC-97: Cryptanalysis

Frequently asked questions

Common questions about CWE-1279.

What is CWE-1279?

Performing cryptographic operations without ensuring that the supporting inputs are ready to supply valid data may compromise the cryptographic result.

What CVEs are caused by CWE-1279?

1 recorded CVEs are attributed to CWE-1279, including CVE-2023-4489.

How do you prevent CWE-1279?

Best practices should be used to design cryptographic systems.

What are the consequences of CWE-1279?

Exploiting CWE-1279 can lead to: Varies by Context.

Is CWE-1279 actively exploited?

1 recorded CVEs are caused by CWE-1279; none are currently in CISA's KEV catalog of actively exploited flaws.

References

Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.

Stay ahead of CWE-1279

Get alerted the moment a new CWE-1279 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.

Start free See pricing