CWE-1255: Comparison Logic is Vulnerable to Power Side-Channel Attacks

VariantDraft

A device's real time power consumption may be monitored during security token evaluation and the information gleaned may be used to determine the value of the reference token.

View on MITRE

Back to CWE Lookup

Extended Description

The power consumed by a device may be instrumented and monitored in real time. If the algorithm for evaluating security tokens is not sufficiently robust, the power consumption may vary by token entry comparison against the reference value. Further, if retries are unlimited, the power difference between a "good" entry and a "bad" entry may be observed and used to determine whether each entry itself is correct thereby allowing unauthorized parties to calculate the reference value.

Technical Details

Structure: Simple

Applicable To

Languages

Not Language-Specific

Platforms

Not OS-Specific

Learn More

Find Related CVEs

Search for vulnerabilities that exploit CWE-1255

CVE vs CWE: What's the Difference?

Understanding vulnerabilities vs weaknesses

Understanding CVSS Scoring

How vulnerability severity is measured

View Full MITRE Entry

Complete technical details and references