CWE-1270 |
The product implements a Security Identifier mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Identifiers generated in the system are incorrect. |
CWE-1271 |
The product's logic for state elements that implement security-critical functionality does not have a mechanism for being initialized to a known value on reset. |
CWE-1272 |
Sensitive information may leak as a result of a debug or power state transition when information access restrictions change as a result of the transition. |
CWE-1273 |
The credentials necessary for unlocking a device are shared across multiple parties and may expose sensitive information. |
CWE-1274 |
The protections on the product's non-volatile memory containing boot code are insufficient to prevent the bypassing of secure boot or the execution of an untrusted, boot code chosen by an adversary. |
CWE-1275 |
The SameSite attribute for sensitive cookies is not set, or an insecure value is used. |
CWE-1276 |
Signals between a hardware IP and the larger system design are incorrectly connected. |
CWE-1277 |
The product's firmware cannot be updated, which leaves persistent weaknesses with no means of patching them. |
CWE-1278 |
Secrets stored in hardware can be recovered by an attacker with the capability to capture and analyze images of the integrated circuit using techniques such as scanning electron microscopy. |
CWE-1279 |
Using crypto primitives without ensuring that they have passed the self-tests might result in the exposure of sensitive information and/or other consequences. |