Base · Draft
CWE-1291: Public Key Re-Use for Signing both Debug and Production Code
Category: config
Description
The same public key is used for signing both debug and production code.
Common consequences
- Confidentiality / Integrity / Availability / Access Control / Accountability / Authentication / Authorization / Non-Repudiation / Other — Read Memory, Modify Memory, Execute Unauthorized Code or Commands, Gain Privileges or Assume Identity, Varies by Context
Potential mitigations
- [Implementation] Use different keys for Production and Debug.