Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

Vulnerability Intelligence

Customers

CWE-1258: Exposure of Sensitive System Information Due to Uncleared Debug Information | Mondoo Vulnerability Intelligence

CWE-1258

BaseDraft

View on MITRE

Exposure of Sensitive System Information Due to Uncleared Debug Information

The hardware does not fully clear security-sensitive values, such as keys and intermediate values in cryptographic operations, when debug mode is entered.

6 linked vulnerabilities

1 related weaknesses

Extended Description

Security sensitive values, keys, intermediate steps of cryptographic operations, etc. are stored in temporary registers in the hardware. If these values are not cleared when debug mode is entered they may be accessed by a debugger allowing sensitive information to be accessible by untrusted parties.

Architecture and Design

Whenever debug mode is enabled, all registers containing sensitive assets must be cleared.

Confidentiality

Read Memory

Access Control

Bypass Protection Mechanism

Modes of Introduction

Architecture and Design

Implementation

Related Weaknesses

CWE-212ChildOf

Example CVEs (2)

CVE-2021-33080

Uncleared debug information in memory accelerator for SSD product exposes sensitive system information

CVE-2022-31162

Rust library leaks Oauth client details in application debug logs

External Links

MITRE CWE Database