CWE-1258: Exposure of Sensitive System Information Due to Uncleared Debug Information

BaseDraft

The hardware does not fully clear security-sensitive values, such as keys and intermediate values in cryptographic operations, when debug mode is entered.

View on MITRE

Back to CWE Lookup

Extended Description

Security sensitive values, keys, intermediate steps of cryptographic operations, etc. are stored in temporary registers in the hardware. If these values are not cleared when debug mode is entered they may be accessed by a debugger allowing sensitive information to be accessible by untrusted parties.

Technical Details

Structure: Simple

Applicable To

Languages

Not Language-Specific

Platforms

Not OS-Specific

Learn More

Find Related CVEs

Search for vulnerabilities that exploit CWE-1258

CVE vs CWE: What's the Difference?

Understanding vulnerabilities vs weaknesses

Understanding CVSS Scoring

How vulnerability severity is measured

View Full MITRE Entry

Complete technical details and references