CWE-203βObservable Discrepancy
PUBLISHEDweakness record
released 2006-07-19 Β· last modified 2026-04-30
Metadata
- CWE ID:
- CWE-203
- Abstraction:
- Base
- Structure:
- Simple
- Status:
- Incomplete
- Release Date:
- 2006-07-19
- Latest Modification Date:
- 2026-04-30
Weakness Name
Observable Discrepancy
Description
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.
Common Consequences
- Scope:
- Confidentiality, Access Control
- Impact:
- Read Application Data, Bypass Protection Mechanism
- Notes:
- An attacker can gain access to sensitive information about the system, including authentication information that may allow an attacker to gain access to the system. Other security-relevant information about the operation or internal state of the product may be revealed to an unauthorized actor, such as whether a particular operation was successful or not.
- Scope:
- Confidentiality
- Impact:
- Read Application Data
- Notes:
- In some cases, discrepancies can be used by attackers to form a side channel. When cryptographic primitives are vulnerable to side-channel attacks, this could be used to reveal unencrypted plaintext in the worst case.