CWE-1255 Variante Borrador

Comparison Logic is Vulnerable to Power Side-Channel Attacks

This vulnerability occurs when a device's power consumption is monitored during security checks, allowing attackers to deduce secret reference values by analyzing subtle differences in energy usage…

Definición

What is CWE-1255?

This vulnerability occurs when a device's power consumption is monitored during security checks, allowing attackers to deduce secret reference values by analyzing subtle differences in energy usage during comparison operations.
Attackers can exploit this weakness by measuring a device's real-time power draw while it validates security tokens, like passwords or cryptographic keys. If the comparison logic isn't designed to consume consistent power regardless of the input, each guess creates a unique power signature. Observing these tiny variations allows an attacker to distinguish correct from incorrect character guesses, effectively turning power consumption into a data leak. Unlimited retry mechanisms dramatically worsen this issue, giving attackers repeated opportunities to measure and compare power traces. To prevent this, developers must implement constant-time comparison algorithms that execute identical operations and power patterns for all inputs, alongside strict rate-limiting on authentication attempts to block the gradual reconstruction of secrets through side-channel analysis.
Impacto en el mundo real

Real-world CVEs caused by CWE-1255

  • CVE-2020-12788

    CMAC verification vulnerable to timing and power attacks.

Cómo lo explotan los atacantes

Ruta del atacante paso a paso

  1. 1

    Consider an example hardware module that checks a user-provided password (or PIN) to grant access to a user. The user-provided password is compared against a stored value byte-by-byte.

  2. 2

    Since the algorithm uses a different number of 1's and 0's for password validation, a different amount of power is consumed for the good byte versus the bad byte comparison. Using this information, an attacker may be able to guess the correct password for that byte-by-byte iteration with several repeated attempts by stopping the password evaluation before it completes.

  3. 3

    Among various options for mitigating the string comparison is obscuring the power consumption by having opposing bit flips during bit operations. Note that in this example, the initial change of the bit values could still provide power indication depending upon the hardware itself. This possibility needs to be measured for verification.

  4. 4

    This code demonstrates the transfer of a secret key using Serial-In/Serial-Out shift. It's easy to extract the secret using simple power analysis as each shift gives data on a single bit of the key.

  5. 5

    This code demonstrates the transfer of a secret key using a Parallel-In/Parallel-Out shift. In a parallel shift, data confounded by multiple bits of the key, not just one.

Ejemplo de código vulnerable

Vulnerable C

Consider an example hardware module that checks a user-provided password (or PIN) to grant access to a user. The user-provided password is compared against a stored value byte-by-byte.

Vulnerable C 
static nonvolatile password_tries = NUM_RETRIES;
 do

```
   while (password_tries == 0) ; // Hang here if no more password tries
   password_ok = 0;
   for (i = 0; i < NUM_PW_DIGITS; i++)
  	 if (GetPasswordByte() == stored_password([i])
  		 password_ok |= 1; // Power consumption is different here
  	 else
  		 password_ok |= 0; // than from here
   end
   if (password_ok > 0)
  	 password_tries = NUM_RETRIES;
  	 break_to_Ok_to_proceed
   password_tries--;
 while (true)
 // Password OK
Ejemplo de código seguro

Secure C

Among various options for mitigating the string comparison is obscuring the power consumption by having opposing bit flips during bit operations. Note that in this example, the initial change of the bit values could still provide power indication depending upon the hardware itself. This possibility needs to be measured for verification.

Seguro C 
static nonvolatile password_tries = NUM_RETRIES;
 do

```
   while (password_tries == 0) ; // Hang here if no more password tries
   password_tries--; // Put retry code here to catch partial retries
   password_ok = 0;
   for (i = 0; i < NUM_PW_DIGITS; i++)
  	 if (GetPasswordByte() == stored_password([i])
  		 password_ok |= 0x10; // Power consumption here
  	 else
  		 password_ok |= 0x01; // is now the same here
   end
   if ((password_ok & 1) == 0)
  	 password_tries = NUM_RETRIES;
  	 break_to_Ok_to_proceed
 while (true)
 // Password OK
What changed: the unsafe sink is replaced (or the input is validated/escaped) so the same payload no longer triggers the weakness.
Lista de prevención

How to prevent CWE-1255

  • Architecture and Design The design phase must consider each check of a security token against a standard and the amount of power consumed during the check of a good token versus a bad token. The alternative is an all at once check where a retry counter is incremented PRIOR to the check.
  • Architecture and Design Another potential mitigation is to parallelize shifting of secret data (see example 2 below). Note that the wider the bus the more effective the result.
  • Architecture and Design An additional potential mitigation is to add random data to each crypto operation then subtract it out afterwards. This is highly effective but costly in performance, area, and power consumption. It also requires a random number generator.
  • Implementation If the architecture is unable to prevent the attack, using filtering components may reduce the ability to implement an attack, however, consideration must be given to the physical removal of the filter elements.
  • Integration During integration, avoid use of a single secret for an extended period (e.g. frequent key updates). This limits the amount of data compromised but at the cost of complexity of use.
Señales de detección

How to detect CWE-1255

SAST High

Ejecuta análisis estático (SAST) sobre el código buscando el patrón inseguro en el flujo de datos.

DAST Moderate

Ejecuta pruebas dinámicas de seguridad de aplicaciones (DAST) contra el endpoint en vivo.

Runtime Moderate

Vigila los logs en tiempo de ejecución para detectar trazas de excepción inusuales, entradas malformadas o intentos de bypass de autorización.

Code review Moderate

Revisión de código: marca cualquier código nuevo que maneje entrada desde esta superficie sin usar los helpers validados del framework.

Auto-corrección de Plexicus

Plexicus detecta automáticamente CWE-1255 y abre un PR de corrección en menos de 60 segundos.

Codex Remedium escanea cada commit, identifica esta debilidad concreta y entrega un pull request listo para revisión con el parche. Sin tickets. Sin traspasos.

Solicitar demo Probar Plexicus gratis
Preguntas frecuentes

Frequently asked questions

¿Qué es CWE-1255?

This vulnerability occurs when a device's power consumption is monitored during security checks, allowing attackers to deduce secret reference values by analyzing subtle differences in energy usage during comparison operations.

¿Qué gravedad tiene CWE-1255?

MITRE no ha publicado una calificación de probabilidad de explotación para esta debilidad. Trátala como de impacto medio hasta que tu modelo de amenazas demuestre lo contrario.

¿Qué lenguajes o plataformas se ven afectados por CWE-1255?

MITRE lists the following affected platforms: Not OS-Specific, Not Architecture-Specific, Not Technology-Specific.

¿Cómo puedo prevenir CWE-1255?

The design phase must consider each check of a security token against a standard and the amount of power consumed during the check of a good token versus a bad token. The alternative is an all at once check where a retry counter is incremented PRIOR to the check. Another potential mitigation is to parallelize shifting of secret data (see example 2 below). Note that the wider the bus the more effective the result.

¿Cómo detecta y corrige Plexicus CWE-1255?

El motor SAST de Plexicus detecta la firma de flujo de datos para CWE-1255 en cada commit. Cuando hay coincidencia, nuestro agente Codex Remedium abre un PR de corrección con el código corregido, las pruebas y un resumen de una línea para el revisor.

¿Dónde puedo aprender más sobre CWE-1255?

MITRE publica la definición canónica en https://cwe.mitre.org/data/definitions/1255.html. También puedes consultar la documentación de OWASP y NIST para guías relacionadas.

Debilidades relacionadas

Weaknesses related to CWE-1255

CWE-1300 Padre

Improper Protection of Physical Side Channels

This vulnerability occurs when a hardware device lacks adequate safeguards against physical side-channel attacks. Attackers can exploit…

CWE-1259 Par

Improper Restriction of Security Token Assignment

This vulnerability occurs when a System-on-a-Chip (SoC) fails to properly secure its Security Token mechanism. These tokens control which…

Recursos

Further reading

Listo cuando tú lo estés

Deja de pagar por desarrollador.
Empieza a cerrar el bucle.

Plexicus es el ASPM nativo de IA que escanea, filtra, corrige, pentestea y explica — de forma autónoma. Desarrolladores ilimitados, repos ilimitados, acciones de IA de uso justo. Nivel gratuito real, €269/mo anual cuando estés listo.

Comenzar gratis Reservar una demo