CWE-288: Authentication Bypass Using an Alternate Path or Channel

Description

A product requires authentication, but the product has an alternate path or channel that does not require authentication.

Submission Date :

July 19, 2006, midnight

Modification Date :

2023-10-26 00:00:00+00:00

Organization :

MITRE
Example Vulnerable Codes

Example - 1

Register SECURE_ME is located at address 0xF00. Amirror of this register called COPY_OF_SECURE_ME isat location 0x800F00. The register SECURE_ME isprotected from malicious agents and only allowsaccess to select, while COPY_OF_SECURE_ME is not. Access control is implemented using an allowlist (asindicated by acl_oh_allowlist). The identity of theinitiator of the transaction is indicated by theone hot input, incoming_id. This is checked againstthe acl_oh_allowlist (which contains a list ofinitiators that are allowed to access the asset). Though this example is shown in Verilog, it willapply to VHDL as well.



acl_oh_allowlist <= 32'h8312; 



q <= 32'h0;data_out <= 32'h0;
beginend


q <= (addr_auth & write_auth) ? data_in: q;data_out <= q;
beginend
if (!rst_n)elseend
module foo_bar(data_out, data_in, incoming_id, address, clk, rst_n);output [31:0] data_out;input [31:0] data_in, incoming_id, address;input clk, rst_n;wire write_auth, addr_auth;reg [31:0] data_out, acl_oh_allowlist, q;assign write_auth = | (incoming_id & acl_oh_allowlist) ? 1 : 0; always @*assign addr_auth = (address == 32'hF00) ? 1: 0;always @ (posedge clk or negedge rst_n)endmodule
assign addr_auth = (address == 32'hF00) ? 1: 0;

The bugged line of code is repeated in the Badexample above. Weakness arises from the fact that theSECURE_ME register can be modified by writing to theshadow register COPY_OF_SECURE_ME, the address ofCOPY_OF_SECURE_ME should also be included in the check.That buggy line of code should instead be replaced asshown in the Good Code Snippet below.

assign addr_auth = (address == 32'hF00 || address == 32'h800F00) ? 1: 0;

Related Weaknesses

This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.

Visit http://cwe.mitre.org/ for more details.

© cvefeed.io
Latest DB Update: Dec. 22, 2024 1:08