Executar análise estática (SAST) na base de código à procura do padrão inseguro no fluxo de dados.
CWE-1258 Base Rascunho
Exposure of Sensitive System Information Due to Uncleared Debug Information
This vulnerability occurs when hardware fails to erase sensitive data like cryptographic keys and intermediate values before entering debug mode, leaving them exposed.
Definição
What is CWE-1258?
This vulnerability occurs when hardware fails to erase sensitive data like cryptographic keys and intermediate values before entering debug mode, leaving them exposed.
During normal operation, hardware components temporarily store security-critical data in registers or cache. This includes encryption keys, intermediate calculation results from cryptographic processes, and other sensitive system information. If this data isn't proactively wiped when the system switches into debug mode, it remains resident in memory.
Attackers or untrusted users with debug access can then read these uncleared values directly, potentially compromising entire security systems. This exposure bypasses software protections because the leak happens at the hardware level, where sensitive artifacts were never properly sanitized during the mode transition.
Impacto no mundo real
Real-world CVEs caused by CWE-1258
-
Uncleared debug information in memory accelerator for SSD product exposes sensitive system information
-
Rust library leaks Oauth client details in application debug logs
Como os atacantes a exploram
Trajeto do atacante passo a passo
- 1
A cryptographic core in a System-On-a-Chip (SoC) is used for cryptographic acceleration and implements several cryptographic operations (e.g., computation of AES encryption and decryption, SHA-256, HMAC, etc.). The keys for these operations or the intermediate values are stored in registers internal to the cryptographic core. These internal registers are in the Memory Mapped Input Output (MMIO) space and are blocked from access by software and other untrusted agents on the SoC. These registers are accessible through the debug and test interface.
- 2
The following code example is extracted from the AES wrapper module, aes1_wrapper, of the Hack@DAC'21 buggy OpenPiton System-on-Chip (SoC). Within this wrapper module are four memory-mapped registers: core_key, core_key0, core_key1, and core_key2. Core_key0, core_key1, and core_key2 hold encryption/decryption keys. The core_key register selects a key and sends it to the underlying AES module to execute encryption/decryption operations. Debug mode in processors and SoCs facilitates design debugging by granting access to internal signal/register values, including physical pin values of peripherals/core, fabric bus data transactions, and inter-peripheral registers. Debug mode allows users to gather detailed, low-level information about the design to diagnose potential issues. While debug mode is beneficial for diagnosing processors or SoCs, it also introduces a new attack surface for potential attackers. For instance, if an attacker gains access to debug mode, they could potentially read any content transmitted through the fabric bus or access encryption/decryption keys stored in cryptographic peripherals. Therefore, it is crucial to clear the contents of secret registers upon entering debug mode. In the provided example of flawed code below, when debug_mode_i is activated, the register core_key0 is set to zero to prevent AES key leakage during debugging. However, this protective measure is not applied to the core_key1 register [REF-1435], leaving its contents uncleared during debug mode. This oversight enables a debugger to access sensitive information. Failing to clear sensitive data during debug mode may lead to unauthorized access to secret keys and compromise system security.
- 3
To address the issue, it is essential to ensure that the register is cleared and zeroized after activating debug mode on the SoC. In the correct implementation illustrated in the good code below, core_keyx registers are set to zero when debug mode is activated [REF-1436].
Exemplo de código vulnerável
Vulnerable Other
A cryptographic core in a System-On-a-Chip (SoC) is used for cryptographic acceleration and implements several cryptographic operations (e.g., computation of AES encryption and decryption, SHA-256, HMAC, etc.). The keys for these operations or the intermediate values are stored in registers internal to the cryptographic core. These internal registers are in the Memory Mapped Input Output (MMIO) space and are blocked from access by software and other untrusted agents on the SoC. These registers are accessible through the debug and test interface.
In the above scenario, registers that store keys and intermediate values of cryptographic operations are not cleared when system enters debug mode. An untrusted actor running a debugger may read the contents of these registers and gain access to secret keys and other sensitive cryptographic information. Exemplo de código seguro
Secure Other
Whenever the chip enters debug mode, all registers containing security-sensitive data are be cleared rendering them unreadable. What changed: the unsafe sink is replaced (or the input is validated/escaped) so the same payload no longer triggers the weakness.
Lista de verificação de prevenção
How to prevent CWE-1258
- Architecture and Design Whenever debug mode is enabled, all registers containing sensitive assets must be cleared.
Sinais de deteção
How to detect CWE-1258
Executar testes dinâmicos de segurança de aplicações (DAST) contra o endpoint em execução.
Monitorizar os registos em tempo de execução para traços de exceção invulgares, input malformado ou tentativas de contornar a autorização.
Revisão de código: sinalizar qualquer novo código que trate input desta superfície sem usar os ajudantes validados do framework.
O Plexicus deteta automaticamente o CWE-1258 e abre um PR de correção em menos de 60 segundos.
O Codex Remedium analisa cada commit, identifica esta fraqueza exata e entrega um pull request pronto para revisão com o patch. Sem tickets. Sem transferências.
Perguntas frequentes O que é o CWE-1258?
Qual a gravidade do CWE-1258?
Que linguagens ou plataformas são afetadas pelo CWE-1258?
Como posso prevenir o CWE-1258?
Como é que o Plexicus deteta e corrige o CWE-1258?
Onde posso saber mais sobre o CWE-1258?
Frequently asked questions
O que é o CWE-1258?
This vulnerability occurs when hardware fails to erase sensitive data like cryptographic keys and intermediate values before entering debug mode, leaving them exposed.
Qual a gravidade do CWE-1258?
A MITRE não publicou uma classificação de probabilidade de exploração para esta fraqueza. Trate-a como impacto médio até o seu modelo de ameaças provar o contrário.
Que linguagens ou plataformas são afetadas pelo CWE-1258?
MITRE lists the following affected platforms: Not OS-Specific, Not Architecture-Specific, Not Technology-Specific.
Como posso prevenir o CWE-1258?
Whenever debug mode is enabled, all registers containing sensitive assets must be cleared.
Como é que o Plexicus deteta e corrige o CWE-1258?
O motor SAST do Plexicus correlaciona a assinatura de fluxo de dados do CWE-1258 em cada commit. Quando é encontrada uma correspondência, o nosso agente Codex Remedium abre um PR de correção com o código corrigido, testes e um resumo de uma linha para o revisor.
Onde posso saber mais sobre o CWE-1258?
A MITRE publica a definição canónica em https://cwe.mitre.org/data/definitions/1258.html. Pode também consultar a documentação da OWASP e do NIST para orientações adjacentes.
Fraquezas relacionadas
Weaknesses related to CWE-1258
CWE-212 Pai
Improper Removal of Sensitive Information Before Storage or Transfer
This vulnerability occurs when an application stores or transmits a resource containing sensitive data without properly cleaning it first,…
CWE-226 Irmão
Sensitive Information in Resource Not Removed Before Reuse
This vulnerability occurs when a system releases a resource like memory or a file for reuse but fails to erase the sensitive data it…
Recursos
Further reading
- MITRE — CWE-1258 oficial https://cwe.mitre.org/data/definitions/1258.html
- Bad Code aes1_wrapper.sv https://github.com/HACK-EVENT/hackatdac21/blob/bcae7aba7f9daee8ad2cfd47b997ac7ad6611034/piton/design/chip/tile/ariane/src/aes1/aes1_wrapper.sv#L149:L155
- Good Code aes1_wrapper.sv https://github.com/HACK-EVENT/hackatdac21/blob/e3234bb15f07f213de08ec91a9ec08d2a16b5714/piton/design/chip/tile/ariane/src/aes1/aes1_wrapper.sv#L149:L155
Pronto quando você estiver
Pare de pagar por desenvolvedor.
Comece a fechar o ciclo.
O Plexicus é o ASPM nativo de IA que verifica, filtra, corrige, pentesta e explica — de forma autónoma. Programadores ilimitados, repos ilimitados, ações de IA de utilização justa. Nível gratuito real, €269/mo anual quando estiver pronto.