CWE-1255 – Comparison Logic is Vulnerable to Power Side-Channel Attacks | Common Weakness Enumeration (CWE)

Overview

CWE-1255 (Comparison Logic is Vulnerable to Power Side-Channel Attacks) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.

Security impact: Security impact: Depends on product and context; use CVE records, severity scores, and MITRE guidance to prioritize.

Description

A device's real time power consumption may be monitored during security token evaluation and the information gleaned may be used to determine the value of the reference token.

Applicable platforms

Kind	Name	Class	Prevalence	OS / CPE
language	—	Not Language-Specific	Undetermined	—
operating_system	—	Not OS-Specific	Undetermined	—
architecture	—	Not Architecture-Specific	Undetermined	—
technology	—	Not Technology-Specific	Undetermined	—

Related CVEs in this database

These CVEs are mapped to this weakness in this database and kept for traceability and search.

CVE	Published	Summary
CVE-2025-3301	2025-04-29	DPA countermeasures are unavailable for ECDH key agreement and EdDSA signing operations on Curve25519 and Curve448 on all Series 2 modules and SoCs due to a lack of hardware and software support. A su…
CVE-2024-39920	2024-07-03	The TCP protocol in RFC 9293 has a timing side channel that makes it easier for remote attackers to infer the content of one TCP connection from a client system (to any server), when that client syste…
CVE-2024-25714	2024-02-11	In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the t…

Content submission

Name: CWE Content Team
Organization: MITRE
Date: 2020-05-29
Version: 4.2

Content modifications

Date	Name	Version	Importance	Comment
2021-03-15	CWE Content Team	4.4	—	updated Functional_Areas, Maintenance_Notes, Relationships
2021-07-20	CWE Content Team	4.5	—	updated Demonstrative_Examples, Modes_of_Introduction, Observed_Examples, Potential_Mitigations, References, Related_Attack_Patterns
2021-10-28	CWE Content Team	4.6	—	updated Maintenance_Notes, References, Relationships, Type
2022-06-28	CWE Content Team	4.8	—	updated Relationships
2022-10-13	CWE Content Team	4.9	—	updated Demonstrative_Examples
2023-04-27	CWE Content Team	4.11	—	updated Relationships
2023-06-29	CWE Content Team	4.12	—	updated Mapping_Notes
2024-02-29	CWE Content Team	4.14	—	updated Demonstrative_Examples
2025-12-11	CWE Content Team	4.19	—	updated Weakness_Ordinalities

Contributions

Type	Name	Date	Comment
Content	Accellera IP Security Assurance (IPSA) Working Group	2020-09-09	Submitted new material that could be added to already-existing entry CWE-1255. Added new Potential Mitigations, a new example, an observed example, and an additional reference.