CWE-203Observable Discrepancy

PUBLISHEDweakness record
released 2006-07-19 · last modified 2026-04-30
CWE-203 - Observable Discrepancy - Diagram

Metadata

CWE ID:
CWE-203
摘要:
Base
结构:
Simple
状态:
Incomplete
发布日期:
2006-07-19
更新日期:
2026-04-30

名称

Observable Discrepancy

描述

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.

常见后果

范围:
Confidentiality, Access Control
影响:
Read Application Data, Bypass Protection Mechanism
注释:
An attacker can gain access to sensitive information about the system, including authentication information that may allow an attacker to gain access to the system. Other security-relevant information about the operation or internal state of the product may be revealed to an unauthorized actor, such as whether a particular operation was successful or not.
范围:
Confidentiality
影响:
Read Application Data
注释:
In some cases, discrepancies can be used by attackers to form a side channel. When cryptographic primitives are vulnerable to side-channel attacks, this could be used to reveal unencrypted plaintext in the worst case.

相关 CWE