CWE-1244
Internal Asset Exposed to Unsafe Debug Access Level or State
The product uses physical debug or test interfaces with support for multiple access levels, but it assigns the wrong debug access level to an internal asset, providing unintended access to the asset from untrusted debug agents.
Mitigation
Phases: Architecture and Design, Implementation
Description:
- For security-sensitive assets accessible over debug/test interfaces, only allow trusted agents.
Mitigation
Phase: Architecture and Design
Description:
- Apply blinding [REF-1219] or masking techniques in strategic areas.
Mitigation
Phase: Implementation
Description:
- Add shielding or tamper-resistant protections to the device, which increases the difficulty and cost for accessing debug/test interfaces.
CAPEC-114: Authentication Abuse
An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme's implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker.