CWE-1221
Incorrect Register Defaults or Module Parameters
Hardware description language code incorrectly defines register defaults or hardware Intellectual Property (IP) parameters to insecure values.
Mitigation
Phase: Architecture and Design
Description:
- During hardware design, all system parameters and register defaults must be reviewed to identify security-sensitive settings.
Mitigation
Phase: Implementation
Description:
- The default values of these security-sensitive settings need to be defined as part of the design review phase.
Mitigation
Phase: Testing
Description:
- The testing phase should use automated tools to verify that values are configured per design specifications.
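One way to automate the testing-phase check, as an added example that is not part of the CWE entry: a small Python script that extracts parameter defaults and reset-branch assignments from a Verilog fragment and compares them against a design-spec table. The module, the register and parameter names, and the spec values are all constructed for illustration, and the regex extraction assumes a single active-low reset branch.

```python
import re

# Constructed Verilog fragment (not from the CWE entry): a lock register that
# resets to "unlocked" and a debug parameter that defaults to enabled.
RTL = """
module csr_block #(
    parameter DEBUG_EN  = 1'b1,
    parameter KEY_WIDTH = 128
) (input clk, input rst_n, input [31:0] wdata);
  reg       lock_bit;
  reg [1:0] region_perm;
  always @(posedge clk or negedge rst_n) begin
    if (!rst_n) begin
      lock_bit    <= 1'b0;
      region_perm <= 2'b00;
    end else begin
      lock_bit    <= wdata[0];
    end
  end
endmodule
"""

# Hypothetical design-spec table: name -> required default value.
SPEC = {"DEBUG_EN": 0, "KEY_WIDTH": 128, "lock_bit": 1, "region_perm": 0}

def literal(text):
    """Convert a Verilog literal such as 1'b0, 8'hFF or 128 to an int."""
    m = re.fullmatch(r"(?:\d+)?'([bBhHdDoO])([0-9a-fA-F_]+)", text)
    if not m:
        return int(text.replace("_", ""))
    base = {"b": 2, "h": 16, "d": 10, "o": 8}[m.group(1).lower()]
    return int(m.group(2).replace("_", ""), base)

def defaults(rtl):
    """Collect parameter defaults and the values assigned in the reset branch."""
    found = {n: literal(v) for n, v in
             re.findall(r"parameter\s+(\w+)\s*=\s*([\w']+)", rtl)}
    reset = re.search(r"if\s*\(\s*!\s*\w+\s*\)\s*begin(.*?)end", rtl, re.S)
    if reset:
        for n, v in re.findall(r"(\w+)\s*<=\s*([\w']+)\s*;", reset.group(1)):
            found[n] = literal(v)
    return found

def check(rtl, spec):
    """Return (name, expected, actual) for each missing or mismatched default."""
    got = defaults(rtl)
    return [(n, want, got.get(n)) for n, want in sorted(spec.items())
            if got.get(n) != want]
```

Calling `check(RTL, SPEC)` reports `DEBUG_EN` and `lock_bit` as deviations; a setting named in the spec but never assigned in the reset branch is reported with an actual value of `None`.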
CAPEC-166: Force the System to Reset Values
An attacker forces the target into a previous state in order to leverage potential weaknesses in the target dependent upon a prior configuration or state-dependent factors. Even in cases where an attacker may not be able to directly control the configuration of the targeted application, they may be able to reset the configuration to a prior state since many applications implement reset functions.