Run static analysis (SAST) on the codebase looking for the unsafe pattern in the data flow.
CWE-1255 Variant Draft
Comparison Logic is Vulnerable to Power Side-Channel Attacks
This vulnerability occurs when a device's power consumption is monitored during security checks, allowing attackers to deduce secret reference values by analyzing subtle differences in energy usage…
Definition
What is CWE-1255?
This vulnerability occurs when a device's power consumption is monitored during security checks, allowing attackers to deduce secret reference values by analyzing subtle differences in energy usage during comparison operations.
Attackers can exploit this weakness by measuring a device's real-time power draw while it validates security tokens, like passwords or cryptographic keys. If the comparison logic isn't designed to consume consistent power regardless of the input, each guess creates a unique power signature. Observing these tiny variations allows an attacker to distinguish correct from incorrect character guesses, effectively turning power consumption into a data leak.
Unlimited retry mechanisms dramatically worsen this issue, giving attackers repeated opportunities to measure and compare power traces. To prevent this, developers must implement constant-time comparison algorithms that execute identical operations and power patterns for all inputs, alongside strict rate-limiting on authentication attempts to block the gradual reconstruction of secrets through side-channel analysis.
Real-world impact
Real-world CVEs caused by CWE-1255
-
CMAC verification vulnerable to timing and power attacks.
How attackers exploit it
Step-by-step attacker path
- 1
Consider an example hardware module that checks a user-provided password (or PIN) to grant access to a user. The user-provided password is compared against a stored value byte-by-byte.
- 2
Since the algorithm uses a different number of 1's and 0's for password validation, a different amount of power is consumed for the good byte versus the bad byte comparison. Using this information, an attacker may be able to guess the correct password for that byte-by-byte iteration with several repeated attempts by stopping the password evaluation before it completes.
- 3
Among various options for mitigating the string comparison is obscuring the power consumption by having opposing bit flips during bit operations. Note that in this example, the initial change of the bit values could still provide power indication depending upon the hardware itself. This possibility needs to be measured for verification.
- 4
This code demonstrates the transfer of a secret key using Serial-In/Serial-Out shift. It's easy to extract the secret using simple power analysis as each shift gives data on a single bit of the key.
- 5
This code demonstrates the transfer of a secret key using a Parallel-In/Parallel-Out shift. In a parallel shift, data confounded by multiple bits of the key, not just one.
Vulnerable code example
Vulnerable C
Consider an example hardware module that checks a user-provided password (or PIN) to grant access to a user. The user-provided password is compared against a stored value byte-by-byte.
static nonvolatile password_tries = NUM_RETRIES;
do
```
while (password_tries == 0) ; // Hang here if no more password tries
password_ok = 0;
for (i = 0; i < NUM_PW_DIGITS; i++)
if (GetPasswordByte() == stored_password([i])
password_ok |= 1; // Power consumption is different here
else
password_ok |= 0; // than from here
end
if (password_ok > 0)
password_tries = NUM_RETRIES;
break_to_Ok_to_proceed
password_tries--;
while (true)
// Password OK Secure code example
Secure C
Among various options for mitigating the string comparison is obscuring the power consumption by having opposing bit flips during bit operations. Note that in this example, the initial change of the bit values could still provide power indication depending upon the hardware itself. This possibility needs to be measured for verification.
static nonvolatile password_tries = NUM_RETRIES;
do
```
while (password_tries == 0) ; // Hang here if no more password tries
password_tries--; // Put retry code here to catch partial retries
password_ok = 0;
for (i = 0; i < NUM_PW_DIGITS; i++)
if (GetPasswordByte() == stored_password([i])
password_ok |= 0x10; // Power consumption here
else
password_ok |= 0x01; // is now the same here
end
if ((password_ok & 1) == 0)
password_tries = NUM_RETRIES;
break_to_Ok_to_proceed
while (true)
// Password OK What changed: the unsafe sink is replaced (or the input is validated/escaped) so the same payload no longer triggers the weakness.
Prevention checklist
How to prevent CWE-1255
- Architecture and Design The design phase must consider each check of a security token against a standard and the amount of power consumed during the check of a good token versus a bad token. The alternative is an all at once check where a retry counter is incremented PRIOR to the check.
- Architecture and Design Another potential mitigation is to parallelize shifting of secret data (see example 2 below). Note that the wider the bus the more effective the result.
- Architecture and Design An additional potential mitigation is to add random data to each crypto operation then subtract it out afterwards. This is highly effective but costly in performance, area, and power consumption. It also requires a random number generator.
- Implementation If the architecture is unable to prevent the attack, using filtering components may reduce the ability to implement an attack, however, consideration must be given to the physical removal of the filter elements.
- Integration During integration, avoid use of a single secret for an extended period (e.g. frequent key updates). This limits the amount of data compromised but at the cost of complexity of use.
Detection signals
How to detect CWE-1255
Run dynamic application security testing against the live endpoint.
Watch runtime logs for unusual exception traces, malformed input, or authorization bypass attempts.
Code review: flag any new code that handles input from this surface without using the validated framework helpers.
Plexicus auto-detects CWE-1255 and opens a fix PR in under 60 seconds.
Codex Remedium scans every commit, identifies this exact weakness, and ships a reviewer-ready pull request with the patch. No tickets. No hand-offs.
Frequently asked questions What is CWE-1255?
How serious is CWE-1255?
What languages or platforms are affected by CWE-1255?
How can I prevent CWE-1255?
How does Plexicus detect and fix CWE-1255?
Where can I learn more about CWE-1255?
Frequently asked questions
What is CWE-1255?
This vulnerability occurs when a device's power consumption is monitored during security checks, allowing attackers to deduce secret reference values by analyzing subtle differences in energy usage during comparison operations.
How serious is CWE-1255?
MITRE has not published a likelihood-of-exploit rating for this weakness. Treat it as medium-impact until your threat model proves otherwise.
What languages or platforms are affected by CWE-1255?
MITRE lists the following affected platforms: Not OS-Specific, Not Architecture-Specific, Not Technology-Specific.
How can I prevent CWE-1255?
The design phase must consider each check of a security token against a standard and the amount of power consumed during the check of a good token versus a bad token. The alternative is an all at once check where a retry counter is incremented PRIOR to the check. Another potential mitigation is to parallelize shifting of secret data (see example 2 below). Note that the wider the bus the more effective the result.
How does Plexicus detect and fix CWE-1255?
Plexicus's SAST engine matches the data-flow signature for CWE-1255 on every commit. When a match is found, our Codex Remedium agent opens a fix PR with the corrected code, tests, and a one-line summary for the reviewer.
Where can I learn more about CWE-1255?
MITRE publishes the canonical definition at https://cwe.mitre.org/data/definitions/1255.html. You can also reference OWASP and NIST documentation for adjacent guidance.
Related weaknesses
Weaknesses related to CWE-1255
CWE-1300 Parent
Improper Protection of Physical Side Channels
This vulnerability occurs when a hardware device lacks adequate safeguards against physical side-channel attacks. Attackers can exploit…
CWE-1259 Peer
Improper Restriction of Security Token Assignment
This vulnerability occurs when a System-on-a-Chip (SoC) fails to properly secure its Security Token mechanism. These tokens control which…
Ready when you are
Don't Let Security
Weigh You Down.
Stop choosing between AI velocity and security debt. Plexicus is the only platform that runs Vibe Coding Security and ASPM in parallel — one workflow, every codebase.