CWE-1254: Incorrect Comparison Logic Granularity

Description

The product's comparison logic is performed over a series of steps rather than across the entire string in one operation. If there is a comparison logic failure on one of these steps, the operation may be vulnerable to a timing attack that can result in the interception of the process for nefarious purposes.

Submission Date :

Feb. 12, 2020, midnight

Modification Date :

2023-10-26 00:00:00+00:00

Organization :

Intel Corporation
Extended Description

Comparison logic is used to compare a variety of objects including passwords, Message Authentication Codes (MACs), and responses to verification challenges. When comparison logic is implemented at a finer granularity (e.g., byte-by-byte comparison) and breaks in the case of a comparison failure, an attacker can exploit this implementation to identify when exactly the failure occurred. With multiple attempts, the attacker may be able to guesses the correct password/response to challenge and elevate their privileges.

Example Vulnerable Codes

Example - 1

Consider an example hardware module that checks a user-provided password to grant access to a user. The user-provided password is compared against a golden value in a byte-by-byte manner.





assign check_pass[i] = 1;continue;

assign check_pass[i] = 0;break;
if (entered_pass[(i*8 - 1) : i] eq golden_pass([i*8 - 1) : i])elseend
assign check_pass[3:0] = 4'b0;for (i = 0; i < 4; i++) beginassign grant_access = (check_pass == 4'b1111) ? 1'b1: 1'b0;
always_comb @ (posedge clk)beginend

Since the code breaks on an incorrect entry of password, an attacker can guess the correct password for that byte-check iteration with few repeat attempts.

To fix this weakness, either the comparison of the entire string should be done all at once, or the attacker is not given an indication whether pass or fail happened by allowing the comparison to run through all bits before the grant_access signal is set.





assign check_pass[i] = 1;continue;

assign check_pass[i] = 0;continue;
if (entered_pass[(i*8 - 1) : i] eq golden_pass([i*8 -1) : i])elseend
assign check_pass[3:0] = 4'b0;for (i = 0; i < 4; i++) beginassign grant_access = (check_pass == 4'b1111) ? 1'b1: 1'b0;
always_comb @ (posedge clk)beginend

Related Weaknesses

This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.

CWE-208: Observable Timing Discrepancy
Go to
CWE-697: Incorrect Comparison
Go to
CWE-1261: Improper Handling of Single Event Upsets
Go to

Visit http://cwe.mitre.org/ for more details.