CWE-203β€”Observable Discrepancy

PUBLISHEDweakness record
released 2006-07-19 Β· last modified 2026-04-30
CWE-203 - Observable Discrepancy - Diagram

Metadata

CWE ID:
CWE-203
Abstraction:
Base
Structure:
Simple
Status:
Incomplete
Release Date:
2006-07-19
Latest Modification Date:
2026-04-30

Weakness Name

Observable Discrepancy

Description

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.

Common Consequences

Scope:
Confidentiality, Access Control
Impact:
Read Application Data, Bypass Protection Mechanism
Notes:
An attacker can gain access to sensitive information about the system, including authentication information that may allow an attacker to gain access to the system. Other security-relevant information about the operation or internal state of the product may be revealed to an unauthorized actor, such as whether a particular operation was successful or not.
Scope:
Confidentiality
Impact:
Read Application Data
Notes:
In some cases, discrepancies can be used by attackers to form a side channel. When cryptographic primitives are vulnerable to side-channel attacks, this could be used to reveal unencrypted plaintext in the worst case.

Related Weaknesses