CWE-1280 Base Incompleto

Access Control Check Implemented After Asset is Accessed

This vulnerability occurs when a hardware-based security check runs after the protected resource has already been accessed, creating a dangerous timing window.

Definición

What is CWE-1280?

This vulnerability occurs when a hardware-based security check runs after the protected resource has already been accessed, creating a dangerous timing window.
In secure systems, hardware-based access control (like memory or I/O protection) must be verified before any access is granted. This flaw breaks that fundamental rule by allowing the asset to be accessed first, with the permission check happening as a separate, non-atomic step. This creates a critical race condition where an attacker can exploit the gap between access and authorization. For developers, this means the security check is effectively bypassed because the system acts first and asks for permission later. To fix this, the access control verification must be made atomic with the access operation itself, ensuring the check is an inseparable gatekeeper that always completes successfully before any data or hardware resource is exposed.
Impacto en el mundo real

Real-world CVEs caused by CWE-1280

Todavía no hay CVEs públicos enlazados a esta CWE en el catálogo de MITRE.

Cómo lo explotan los atacantes

Ruta del atacante paso a paso

  1. 1

    Assume that the module foo_bar implements a protected register. The register content is the asset. Only transactions made by user id (indicated by signal usr_id) 0x4 are allowed to modify the register contents. The signal grant_access is used to provide access.

  2. 2

    This code uses Verilog blocking assignments for data_out and grant_access. Therefore, these assignments happen sequentially (i.e., data_out is updated to new value first, and grant_access is updated the next cycle) and not in parallel. Therefore, the asset data_out is allowed to be modified even before the access control check is complete and grant_access signal is set. Since grant_access does not have a reset value, it will be meta-stable and will randomly go to either 0 or 1.

  3. 3

    Flipping the order of the assignment of data_out and grant_access should solve the problem. The correct snippet of code is shown below.

Ejemplo de código vulnerable

Vulnerable Verilog

Assume that the module foo_bar implements a protected register. The register content is the asset. Only transactions made by user id (indicated by signal usr_id) 0x4 are allowed to modify the register contents. The signal grant_access is used to provide access.

Vulnerable Verilog 
module foo_bar(data_out, usr_id, data_in, clk, rst_n);
 output reg [7:0] data_out;
 input wire [2:0] usr_id;
 input wire [7:0] data_in; 
 input wire clk, rst_n;
 wire grant_access;
 always @ (posedge clk or negedge rst_n)
 begin

```
   if (!rst_n)
  	 data_out = 0; 
   else 
  	 data_out = (grant_access) ? data_in : data_out;
  	 assign grant_access = (usr_id == 3'h4) ? 1'b1 : 1'b0;
 end
 endmodule
Ejemplo de código seguro

Secure Verilog

Flipping the order of the assignment of data_out and grant_access should solve the problem. The correct snippet of code is shown below.

Seguro Verilog 
always @ (posedge clk or negedge rst_n)
 begin

```
   if (!rst_n)
  	 data_out = 0;
   else
  	 assign grant_access = (usr_id == 3'h4) ? 1'b1 : 1'b0;
  	 data_out = (grant_access) ? data_in : data_out;
 end
 endmodule
What changed: the unsafe sink is replaced (or the input is validated/escaped) so the same payload no longer triggers the weakness.
Lista de prevención

How to prevent CWE-1280

  • Implementation Implement the access control check first. Access should only be given to asset if agent is authorized.
Señales de detección

How to detect CWE-1280

SAST High

Ejecuta análisis estático (SAST) sobre el código buscando el patrón inseguro en el flujo de datos.

DAST Moderate

Ejecuta pruebas dinámicas de seguridad de aplicaciones (DAST) contra el endpoint en vivo.

Runtime Moderate

Vigila los logs en tiempo de ejecución para detectar trazas de excepción inusuales, entradas malformadas o intentos de bypass de autorización.

Code review Moderate

Revisión de código: marca cualquier código nuevo que maneje entrada desde esta superficie sin usar los helpers validados del framework.

Auto-corrección de Plexicus

Plexicus detecta automáticamente CWE-1280 y abre un PR de corrección en menos de 60 segundos.

Codex Remedium escanea cada commit, identifica esta debilidad concreta y entrega un pull request listo para revisión con el parche. Sin tickets. Sin traspasos.

Solicitar demo Probar Plexicus gratis
Preguntas frecuentes

Frequently asked questions

¿Qué es CWE-1280?

This vulnerability occurs when a hardware-based security check runs after the protected resource has already been accessed, creating a dangerous timing window.

¿Qué gravedad tiene CWE-1280?

MITRE no ha publicado una calificación de probabilidad de explotación para esta debilidad. Trátala como de impacto medio hasta que tu modelo de amenazas demuestre lo contrario.

¿Qué lenguajes o plataformas se ven afectados por CWE-1280?

MITRE lists the following affected platforms: Verilog, VHDL, Not OS-Specific, Not Architecture-Specific, Not Technology-Specific.

¿Cómo puedo prevenir CWE-1280?

Implement the access control check first. Access should only be given to asset if agent is authorized.

¿Cómo detecta y corrige Plexicus CWE-1280?

El motor SAST de Plexicus detecta la firma de flujo de datos para CWE-1280 en cada commit. Cuando hay coincidencia, nuestro agente Codex Remedium abre un PR de corrección con el código corregido, las pruebas y un resumen de una línea para el revisor.

¿Dónde puedo aprender más sobre CWE-1280?

MITRE publica la definición canónica en https://cwe.mitre.org/data/definitions/1280.html. También puedes consultar la documentación de OWASP y NIST para guías relacionadas.

Debilidades relacionadas

Weaknesses related to CWE-1280

CWE-696 Padre

Incorrect Behavior Order

This weakness occurs when a system executes multiple dependent actions in the wrong sequence, leading to unexpected and potentially…

CWE-1190 Hermano

DMA Device Enabled Too Early in Boot Phase

This vulnerability occurs when a device with Direct Memory Access (DMA) capability is activated before the system's security settings are…

CWE-1193 Hermano

Power-On of Untrusted Execution Core Before Enabling Fabric Access Control

This vulnerability occurs when a system powers up hardware components containing untrusted firmware before establishing critical security…

CWE-1279 Hermano

Cryptographic Operations are run Before Supporting Units are Ready

This vulnerability occurs when cryptographic processes start before their required dependencies are properly initialized and ready to…

CWE-179 Hermano

Incorrect Behavior Order: Early Validation

This vulnerability occurs when an application validates user input before applying security filters or data normalization. Attackers can…

CWE-408 Hermano

Incorrect Behavior Order: Early Amplification

This vulnerability occurs when a system allows a user to trigger a resource-intensive operation before verifying their identity or…

CWE-551 Hermano

Incorrect Behavior Order: Authorization Before Parsing and Canonicalization

This vulnerability occurs when a web server checks access permissions before fully processing and normalizing a URL, potentially allowing…

Recursos

Further reading

Listo cuando tú lo estés

Deja de pagar por desarrollador.
Empieza a cerrar el bucle.

Plexicus es el ASPM nativo de IA que escanea, filtra, corrige, pentestea y explica — de forma autónoma. Desarrolladores ilimitados, repos ilimitados, acciones de IA de uso justo. Nivel gratuito real, €269/mo anual cuando estés listo.

Comenzar gratis Reservar una demo