Abstraction: Base · Status: Incomplete

CWE-1273: Device Unlock Credential Sharing

Category: auth

Description

The credentials necessary for unlocking a device are shared across multiple parties and may expose sensitive information.

Common consequences

  • Scope: Confidentiality, Integrity, Availability, Access Control, Accountability, Authentication, Authorization, Non-Repudiation. Impact: Modify Memory, Read Memory, Modify Files or Directories, Read Files or Directories, Modify Application Data, Execute Unauthorized Code or Commands, Gain Privileges or Assume Identity, Bypass Protection Mechanism.
    Once unlock credentials are compromised, an attacker can use the credentials to unlock the device and gain unauthorized access to the hidden functionalities protected by those credentials.

Potential mitigations

  • [Integration] [Manufacturing] Ensure the unlock credentials are shared with the minimum number of parties and with utmost secrecy. To limit the risk associated with compromised credentials, where possible, the credentials should be part-specific, so that a credential leaked by one party unlocks only the unit it was issued for rather than every device in the fleet.
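The mitigation above contrasts a single unlock secret handed to every integration and manufacturing partner with part-specific credentials. The following is an added example (not code from MITRE or any device vendor) that models both: a weak design where every unit accepts one static secret, and a hardened design where each unit is provisioned at manufacturing with a key derived from a master secret and its own part identifier, and is unlocked through a single-use challenge-response. The master key, the shared secret, the label string and the serial numbers are all constructed for the demo; in a real product the master key would live only in the manufacturer's HSM.

```python
"""Added example: shared vs. part-specific device unlock credentials (CWE-1273)."""
import hashlib
import hmac
import secrets

# Constructed demo values. A real master key never leaves the manufacturer's HSM.
MASTER_KEY = bytes.fromhex("9f2c" * 16)          # 32-byte master secret (assumption)
SHARED_UNLOCK_SECRET = b"factory-unlock-2024"     # one secret given to every partner (weak model)


def derive_part_unlock_key(master_key: bytes, part_id: bytes) -> bytes:
    """Part-specific key = HMAC-SHA256(master_key, label || part_id).

    Only the master-key holder can derive keys, and one part's key reveals
    nothing about another part's key. The label is a constructed domain separator.
    """
    return hmac.new(master_key, b"debug-unlock-v1|" + part_id, hashlib.sha256).digest()


class SharedSecretDevice:
    """Weak model: every unit accepts the same static unlock secret."""

    def __init__(self, part_id: bytes):
        self.part_id = part_id
        self.unlocked = False

    def unlock(self, presented: bytes) -> bool:
        self.unlocked = hmac.compare_digest(presented, SHARED_UNLOCK_SECRET)
        return self.unlocked


class PartSpecificDevice:
    """Hardened model: per-part key provisioned at manufacturing, challenge-response unlock."""

    def __init__(self, part_id: bytes, master_key: bytes):
        self.part_id = part_id
        # Burned into OTP/fuses on the production line; the device never holds master_key.
        self._unlock_key = derive_part_unlock_key(master_key, part_id)
        self._challenge = None
        self.unlocked = False

    def issue_challenge(self) -> tuple:
        self._challenge = secrets.token_bytes(32)   # fresh nonce, so an old response cannot be replayed
        return self.part_id, self._challenge

    def present_response(self, response: bytes) -> bool:
        if self._challenge is None:
            return False
        expected = hmac.new(self._unlock_key, self._challenge, hashlib.sha256).digest()
        self._challenge = None                      # single use, whether or not it verifies
        self.unlocked = hmac.compare_digest(response, expected)
        return self.unlocked


def answer_challenge(part_key: bytes, challenge: bytes) -> bytes:
    """Computed by whoever holds the part key (the unlock authority, or a leak recipient)."""
    return hmac.new(part_key, challenge, hashlib.sha256).digest()


def leaked_shared_secret_unlocks(part_ids: list) -> int:
    """One leaked shared secret unlocks every unit. Returns how many were unlocked."""
    return sum(SharedSecretDevice(pid).unlock(SHARED_UNLOCK_SECRET) for pid in part_ids)


def leaked_part_key_unlocks(leaked_part: bytes, part_ids: list) -> dict:
    """A leaked part-specific key (e.g. one handed to a repair partner for a single unit)
    unlocks only that unit. Returns {part_id: unlocked}."""
    leaked_key = derive_part_unlock_key(MASTER_KEY, leaked_part)
    results = {}
    for pid in part_ids:
        dev = PartSpecificDevice(pid, MASTER_KEY)
        _, challenge = dev.issue_challenge()
        results[pid] = dev.present_response(answer_challenge(leaked_key, challenge))
    return results


def replay_is_rejected(part_id: bytes) -> bool:
    """A captured valid response does not unlock the same device a second time."""
    dev = PartSpecificDevice(part_id, MASTER_KEY)
    key = derive_part_unlock_key(MASTER_KEY, part_id)
    _, challenge = dev.issue_challenge()
    captured = answer_challenge(key, challenge)
    first = dev.present_response(captured)
    dev.issue_challenge()                           # new nonce for the second attempt
    second = dev.present_response(captured)
    return first and not second


if __name__ == "__main__":
    parts = [b"SN-0001", b"SN-0002", b"SN-0003"]
    print("shared secret leaked ->", leaked_shared_secret_unlocks(parts), "of", len(parts), "unlocked")
    print("SN-0001 key leaked   ->", leaked_part_key_unlocks(b"SN-0001", parts))
    print("replay rejected      ->", replay_is_rejected(b"SN-0002"))
```

The design point is in `leaked_part_key_unlocks`: because the per-part key is an HMAC output, a partner who receives the key for SN-0001 cannot derive SN-0002's key without the master secret, so the blast radius of a leak is one unit. The challenge-response wrapper additionally means the key itself is never sent over the debug interface, and a sniffed unlock session cannot be replayed.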

Related CAPEC attack patterns

CAPEC-560: Use of Known Domain Credentials

References

  1. https://cwe.mitre.org/data/definitions/1273.html

Exploits (incoming)

Type           Target                                          Confidence  Tier
AttackPattern  Use of Known Domain Credentials (capec-560)     100%        live

Related by meaning

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Insufficiently Protected Credentials
  • CWE: Weak Authentication
  • CWE: Exposure of Sensitive Information to an Unauthorized Actor
  • CWE: Use of Weak Credentials
  • CWE: Improper Restriction of Excessive Authentication Attempts
  • CWE: Use of Single-factor Authentication

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.