Insufficient or Incomplete Data Removal within Hardware Component

The product's data removal process does not completely delete all data and potentially sensitive information within hardware components.

  • Source

    CWE Catalog - 4.12

  • Identifier

    CWE-1301

  • Status

    Incomplete

Contents

Description

Physical properties of hardware devices, such as remanence of magnetic media, residual charge of ROMs/RAMs, or screen burn-in may still retain sensitive data after a data removal process has taken place and power is removed.

Recovering data after erasure or overwriting is possible due to a phenomenon called data remanence. For example, if the same value is written repeatedly to a memory location, the corresponding memory cells can become physically altered to a degree such that even after the original data is erased that data can still be recovered through physical characterization of the memory cells.

See Also

Comprehensive Categorization: Resource Lifecycle Management

Weaknesses in this category are related to resource lifecycle management.

Cross-Cutting Problems

Weaknesses in this category can arise in multiple areas of hardware design or can apply to a wide cross-section of components.

Comprehensive CWE Dictionary

This view (slice) covers all the elements in CWE.

Entries with Maintenance Notes

CWE entries in this view have maintenance notes. Maintenance notes are an indicator that an entry might change significantly in future versions. This view was created...

Weaknesses Introduced During Implementation

This view (slice) lists weaknesses that can be introduced during implementation.

Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.