CWE-1280 Base Incompleto

Access Control Check Implemented After Asset is Accessed

This vulnerability occurs when a hardware-based security check runs after the protected resource has already been accessed, creating a dangerous timing window.

Definição

What is CWE-1280?

This vulnerability occurs when a hardware-based security check runs after the protected resource has already been accessed, creating a dangerous timing window.
In secure systems, hardware-based access control (like memory or I/O protection) must be verified before any access is granted. This flaw breaks that fundamental rule by allowing the asset to be accessed first, with the permission check happening as a separate, non-atomic step. This creates a critical race condition where an attacker can exploit the gap between access and authorization. For developers, this means the security check is effectively bypassed because the system acts first and asks for permission later. To fix this, the access control verification must be made atomic with the access operation itself, ensuring the check is an inseparable gatekeeper that always completes successfully before any data or hardware resource is exposed.
Impacto no mundo real

Real-world CVEs caused by CWE-1280

Ainda não há referências CVE públicas associadas a este CWE no catálogo da MITRE.

Como os atacantes a exploram

Trajeto do atacante passo a passo

  1. 1

    Assume that the module foo_bar implements a protected register. The register content is the asset. Only transactions made by user id (indicated by signal usr_id) 0x4 are allowed to modify the register contents. The signal grant_access is used to provide access.

  2. 2

    This code uses Verilog blocking assignments for data_out and grant_access. Therefore, these assignments happen sequentially (i.e., data_out is updated to new value first, and grant_access is updated the next cycle) and not in parallel. Therefore, the asset data_out is allowed to be modified even before the access control check is complete and grant_access signal is set. Since grant_access does not have a reset value, it will be meta-stable and will randomly go to either 0 or 1.

  3. 3

    Flipping the order of the assignment of data_out and grant_access should solve the problem. The correct snippet of code is shown below.

Exemplo de código vulnerável

Vulnerable Verilog

Assume that the module foo_bar implements a protected register. The register content is the asset. Only transactions made by user id (indicated by signal usr_id) 0x4 are allowed to modify the register contents. The signal grant_access is used to provide access.

Vulnerável Verilog 
module foo_bar(data_out, usr_id, data_in, clk, rst_n);
 output reg [7:0] data_out;
 input wire [2:0] usr_id;
 input wire [7:0] data_in; 
 input wire clk, rst_n;
 wire grant_access;
 always @ (posedge clk or negedge rst_n)
 begin

```
   if (!rst_n)
  	 data_out = 0; 
   else 
  	 data_out = (grant_access) ? data_in : data_out;
  	 assign grant_access = (usr_id == 3'h4) ? 1'b1 : 1'b0;
 end
 endmodule
Exemplo de código seguro

Secure Verilog

Flipping the order of the assignment of data_out and grant_access should solve the problem. The correct snippet of code is shown below.

Seguro Verilog 
always @ (posedge clk or negedge rst_n)
 begin

```
   if (!rst_n)
  	 data_out = 0;
   else
  	 assign grant_access = (usr_id == 3'h4) ? 1'b1 : 1'b0;
  	 data_out = (grant_access) ? data_in : data_out;
 end
 endmodule
What changed: the unsafe sink is replaced (or the input is validated/escaped) so the same payload no longer triggers the weakness.
Lista de verificação de prevenção

How to prevent CWE-1280

  • Implementation Implement the access control check first. Access should only be given to asset if agent is authorized.
Sinais de deteção

How to detect CWE-1280

SAST High

Executar análise estática (SAST) na base de código à procura do padrão inseguro no fluxo de dados.

DAST Moderate

Executar testes dinâmicos de segurança de aplicações (DAST) contra o endpoint em execução.

Runtime Moderate

Monitorizar os registos em tempo de execução para traços de exceção invulgares, input malformado ou tentativas de contornar a autorização.

Code review Moderate

Revisão de código: sinalizar qualquer novo código que trate input desta superfície sem usar os ajudantes validados do framework.

Correção automática do Plexicus

O Plexicus deteta automaticamente o CWE-1280 e abre um PR de correção em menos de 60 segundos.

O Codex Remedium analisa cada commit, identifica esta fraqueza exata e entrega um pull request pronto para revisão com o patch. Sem tickets. Sem transferências.

Obter uma demonstração Experimente o Plexicus gratuitamente
Perguntas frequentes

Frequently asked questions

O que é o CWE-1280?

This vulnerability occurs when a hardware-based security check runs after the protected resource has already been accessed, creating a dangerous timing window.

Qual a gravidade do CWE-1280?

A MITRE não publicou uma classificação de probabilidade de exploração para esta fraqueza. Trate-a como impacto médio até o seu modelo de ameaças provar o contrário.

Que linguagens ou plataformas são afetadas pelo CWE-1280?

MITRE lists the following affected platforms: Verilog, VHDL, Not OS-Specific, Not Architecture-Specific, Not Technology-Specific.

Como posso prevenir o CWE-1280?

Implement the access control check first. Access should only be given to asset if agent is authorized.

Como é que o Plexicus deteta e corrige o CWE-1280?

O motor SAST do Plexicus correlaciona a assinatura de fluxo de dados do CWE-1280 em cada commit. Quando é encontrada uma correspondência, o nosso agente Codex Remedium abre um PR de correção com o código corrigido, testes e um resumo de uma linha para o revisor.

Onde posso saber mais sobre o CWE-1280?

A MITRE publica a definição canónica em https://cwe.mitre.org/data/definitions/1280.html. Pode também consultar a documentação da OWASP e do NIST para orientações adjacentes.

Fraquezas relacionadas

Weaknesses related to CWE-1280

CWE-696 Pai

Incorrect Behavior Order

This weakness occurs when a system executes multiple dependent actions in the wrong sequence, leading to unexpected and potentially…

CWE-1190 Irmão

DMA Device Enabled Too Early in Boot Phase

This vulnerability occurs when a device with Direct Memory Access (DMA) capability is activated before the system's security settings are…

CWE-1193 Irmão

Power-On of Untrusted Execution Core Before Enabling Fabric Access Control

This vulnerability occurs when a system powers up hardware components containing untrusted firmware before establishing critical security…

CWE-1279 Irmão

Cryptographic Operations are run Before Supporting Units are Ready

This vulnerability occurs when cryptographic processes start before their required dependencies are properly initialized and ready to…

CWE-179 Irmão

Incorrect Behavior Order: Early Validation

This vulnerability occurs when an application validates user input before applying security filters or data normalization. Attackers can…

CWE-408 Irmão

Incorrect Behavior Order: Early Amplification

This vulnerability occurs when a system allows a user to trigger a resource-intensive operation before verifying their identity or…

CWE-551 Irmão

Incorrect Behavior Order: Authorization Before Parsing and Canonicalization

This vulnerability occurs when a web server checks access permissions before fully processing and normalizing a URL, potentially allowing…

Recursos

Further reading

Pronto quando você estiver

Pare de pagar por desenvolvedor.
Comece a fechar o ciclo.

O Plexicus é o ASPM nativo de IA que verifica, filtra, corrige, pentesta e explica — de forma autónoma. Programadores ilimitados, repos ilimitados, ações de IA de utilização justa. Nível gratuito real, €269/mo anual quando estiver pronto.

Começar grátis Reservar uma demo