Debug and Test Problems

A category in the Common Weakness Enumeration published by The MITRE Corporation.


Summary

Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.

Weaknesses in this category are related to hardware debug and test interfaces such as JTAG and scan chain.

Weaknesses

Debug Messages Revealing Unnecessary Information

The product fails to adequately prevent the revealing of unnecessary and potentially sensitive system information within debugging messages.

Exposed Chip Debug and Test Interface With Insufficient or Missing Authorization

The chip does not implement or does not correctly check whether users are authorized to access internal registers.

Exposure of Sensitive System Information Due to Uncleared Debug Information

The hardware does not fully clear security-sensitive values, such as keys and intermediate values in cryptographic operations, when debug mode is entered.

Hardware Allows Activation of Test or Debug Logic at Runtime

During runtime, the hardware allows for test or debug logic (feature) to be activated, which allows for changing the state of the hardware. This feature can alter the ...

Hardware Internal or Debug Modes Allow Override of Locks

System configuration protection may be bypassed during debug mode.

Improper Access to Sensitive Information Using Debug and Test Interfaces

The product's physical debug and test interface protection does not block untrusted agents, resulting in unauthorized access to and potentially control of sensitive as...

Improper Management of Sensitive Trace Data

Trace data collected from several sources on the System-on-Chip (SoC) is stored in unprotected locations or transported to untrusted ag...

Incorrect Chaining or Granularity of Debug Components

The product's debug components contain incorrect chaining or granularity of debug components.

Public Key Re-Use for Signing both Debug and Production Code

The same public key is used for signing both debug and production code.

Sensitive Information Accessible by Physical Probing of JTAG Interface

Sensitive information in clear text on the JTAG interface may be examined by an eavesdropper, e.g. by placing a probe device on the int...

Sensitive Information Uncleared Before Debug/Power State Transition

Sensitive information may leak as a result of a debug or power state transition when information access restrictions change as a result of the transition.

Sensitive Non-Volatile Information Not Protected During Debug

Access to security-sensitive information stored in fuses is not limited during debug.

Concepts

Hardware Design

This view organizes weaknesses around concepts that are frequently used or encountered in hardware design. Accordingly, this view can align closely with the perspectiv...


Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.