CWE-1431: Driving Intermediate Cryptographic State/Results to Hardware Module Outputs

BaseIncomplete

The product uses a hardware module implementing a cryptographic algorithm that writes sensitive information about the intermediate state or results of its cryptographic operations via one of its output wires (typically the output port containing the final result).

View on MITRE
Back to CWE Lookup

Technical Details

Structure
Simple

Applicable To

Languages
Not Language-Specific
Platforms

Frequently Asked Questions

What is CWE-1431: Driving Intermediate Cryptographic State/Results to Hardware Module Outputs?+

CWE-1431: Driving Intermediate Cryptographic State/Results to Hardware Module Outputs is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product uses a hardware module implementing a cryptographic algorithm that writes sensitive information about the intermediate state or results of its cryptographic operations via one of its output wires (typically the output port containing the final result).

How do you prevent or mitigate Driving Intermediate Cryptographic State/Results to Hardware Module Outputs?+

Recommended mitigations for CWE-1431 include: Designers/developers should add or modify existing control flow logic along any data flow paths that connect "sources" (signals with intermediate cryptographic state/results) with "sinks" (hardware module outputs and other signals outside of trusted cryptographic zone). The control flow logic should only allow cryptographic results to be driven to "sinks" when appropriate conditions are satisfied (typically when the final result for a cryptographic operation has been generated). When the appropriate conditions are not satisfied (i.e., before or during a cryptographic operation), the control flow logic should drive a safe default value to "sinks". Designers/developers should add or modify existing control flow logic along any data flow paths that connect "sources" (signals with intermediate cryptographic state/results) with "sinks" (hardware module outputs and other signals outside of trusted cryptographic zone). The control flow logic should only allow cryptographic results to be driven to "sinks" when appropriate conditions are satisfied (typically when the final result for a cryptographic operation has been generated). When the appropriate conditions are not satisfied (i.e., before or during a cryptographic operation), the control flow logic should drive a safe default value to "sinks".

How is Driving Intermediate Cryptographic State/Results to Hardware Module Outputs detected?+

CWE-1431 can be detected using Automated Static Analysis - Source Code and Simulation / Emulation. Combining automated tooling with manual review typically yields the best coverage.

Which programming languages are affected by Driving Intermediate Cryptographic State/Results to Hardware Module Outputs?+

CWE-1431 commonly affects Not Language-Specific. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.

What is the difference between a CWE and a CVE?+

A CWE (Common Weakness Enumeration) like CWE-1431 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.

Learn More