CWE-1291: Public Key Re-Use for Signing both Debug and Production Code
The same public key is used for signing both debug and production code.
Abstraction: Base
Common Consequences
Confidentiality → Read Memory
Detection Methods
Architecture or Design Review
Compare the debug key with the production key to make sure that they are not the same.
Dynamic Analysis with Manual Results Interpretation
Compare the debug key with the production key to make sure that they are not the same.
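A sketch of the comparison described in the detection methods above, added here as an example and not part of the CWE entry: it hashes the decoded DER body of each PEM key, so differences in line wrapping or line endings do not mask a re-used key. The key names and placeholder key bytes are constructed for illustration, and the check assumes both keys are exported in the same encoding (for example, both as SubjectPublicKeyInfo PEM).

```python
import base64
import hashlib
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", re.DOTALL)

def key_fingerprint(pem_text):
    """SHA-256 over the decoded DER body, ignoring PEM wrapping and CRLF."""
    match = PEM_RE.search(pem_text)
    if match is None:
        raise ValueError("no PEM block found")
    body = "".join(match.group(2).split())      # drop all whitespace
    der = base64.b64decode(body, validate=True)
    return hashlib.sha256(der).hexdigest()

def find_shared_keys(debug_keys, production_keys):
    """Return sorted (debug_name, production_name) pairs that share a key.
    Both arguments map a key name to its PEM text."""
    prod_by_fp = {}
    for name, pem in production_keys.items():
        prod_by_fp.setdefault(key_fingerprint(pem), []).append(name)
    shared = []
    for name, pem in debug_keys.items():
        for prod_name in prod_by_fp.get(key_fingerprint(pem), []):
            shared.append((name, prod_name))
    return sorted(shared)

def _pem(der, width, newline):
    """Build a constructed PEM block with the given wrapping and line ending."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + width] for i in range(0, len(b64), width)]
    header, footer = "-----BEGIN PUBLIC KEY-----", "-----END PUBLIC KEY-----"
    return newline.join([header, *lines, footer, ""])

# Constructed placeholder bytes standing in for DER-encoded keys (not real keys).
KEY_A = bytes(range(1, 92))
KEY_B = bytes(range(100, 191))

# Hypothetical key inventory: one debug key, two production keys.
DEBUG_KEYS = {"debug-signing": _pem(KEY_A, 64, "\n")}
PRODUCTION_KEYS = {
    "prod-signing": _pem(KEY_A, 76, "\r\n"),    # same key, different formatting
    "prod-update": _pem(KEY_B, 64, "\n"),
}

if __name__ == "__main__":
    for debug_name, prod_name in find_shared_keys(DEBUG_KEYS, PRODUCTION_KEYS):
        print(f"RE-USED KEY: {debug_name} == {prod_name}")
```

A key wrapped in a different container (for instance, inside an X.509 certificate on one side and as a bare public key on the other) will not match by this byte comparison and has to be extracted to a common encoding first.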
Real-World Examples (1)
| CVE | CVSS | EPSS | KEV |
|---|---|---|---|
| CVE-2022-1665 | 8.2 | 0.1% | — |
0 / 100 · low-risk
Active Threat: 0/50 · Minimal
Exploit Availability: 0/50 · Minimal