CWE-203—Observable Discrepancy
PUBLISHEDweakness record
released 2006-07-19 · last modified 2026-04-30
Metadata
- CWE ID:
- CWE-203
- 摘要:
- Base
- 结构:
- Simple
- 状态:
- Incomplete
- 发布日期:
- 2006-07-19
- 更新日期:
- 2026-04-30
描述
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.
常见后果
- 范围:
- Confidentiality, Access Control
- 影响:
- Read Application Data, Bypass Protection Mechanism
- 注释:
- An attacker can gain access to sensitive information about the system, including authentication information that may allow an attacker to gain access to the system. Other security-relevant information about the operation or internal state of the product may be revealed to an unauthorized actor, such as whether a particular operation was successful or not.
- 范围:
- Confidentiality
- 影响:
- Read Application Data
- 注释:
- In some cases, discrepancies can be used by attackers to form a side channel. When cryptographic primitives are vulnerable to side-channel attacks, this could be used to reveal unencrypted plaintext in the worst case.