Détail du CWE-1291

CWE-1291

Public Key Re-Use for Signing both Debug and Production Code
Draft
2020-08-20
00h00 +00:00
2023-06-29
00h00 +00:00
Notifications pour un CWE
Restez informé de toutes modifications pour un CWE spécifique.
Gestion des notifications

Nom: Public Key Re-Use for Signing both Debug and Production Code

The same public key is used for signing both debug and production code.

Description du CWE

A common usage of public-key cryptography is to verify the integrity and authenticity of another entity (for example a firmware binary). If a company wants to ensure that its firmware runs only on its own hardware, before the firmware runs, an encrypted hash of the firmware image will be decrypted with the public key and then verified against the now-computed hash of the firmware image. This means that the public key forms the root of trust, which necessitates that the public key itself must be protected and used properly.

During the development phase, debug firmware enables many hardware debug hooks, debug modes, and debug messages for testing. Those debug facilities provide significant, additional views about the firmware's capability and, in some cases, additional capability into the chip or SoC. If compromised, these capabilities could be exploited by an attacker to take full control of the system.

Once the product exits the manufacturing stage and enters production, it is good practice to use a different public key. Debug firmware images are known to leak. With the debug key being reused as the production key, the debug image will also work on the production image. Thus, it will open all the internal, debug capabilities to the attacker.

If a different public key is used for the production image, even if the attacker gains access to the debug firmware image, they will not be able to run it on a production machine. Thus, damage will be limited to the intellectual property leakage resulting from the debug image.

Informations générales

Modes d'introduction

Implementation

Plateformes applicables

Langue

Class: Not Language-Specific (Undetermined)

Systèmes d’exploitation

Class: Not OS-Specific (Undetermined)

Architectures

Class: Not Architecture-Specific (Undetermined)

Technologies

Class: Not Technology-Specific (Undetermined)

Conséquences courantes

Portée Impact Probabilité
Confidentiality
Integrity
Availability
Access Control
Accountability
Authentication
Authorization
Non-Repudiation
Other
Read Memory, Modify Memory, Execute Unauthorized Code or Commands, Gain Privileges or Assume Identity, Varies by ContextHigh

Mesures d’atténuation potentielles

Phases : Implementation
Use different keys for Production and Debug

Méthodes de détection

Architecture or Design Review

Compare the debug key with the production key to make sure that they are not the same.


Efficacité : High

Dynamic Analysis with Manual Results Interpretation

Compare the debug key with the production key to make sure that they are not the same.


Efficacité : High

Notes de cartographie des vulnérabilités

Justification : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Commentaire : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

Soumission

Nom Organisation Date Date de publication Version
Parbati Kumar Manna, Hareesh Khattri, Arun Kanuparthi Intel Corporation 2020-05-26 +00:00 2020-08-20 +00:00 4.2

Modifications

Nom Organisation Date Commentaire
CWE Content Team MITRE 2023-04-27 +00:00 updated Relationships
CWE Content Team MITRE 2023-06-29 +00:00 updated Mapping_Notes