CWE-204 - Observable Response Discrepancy
- Abstraction:Base
- Structure:Simple
- Status:Incomplete
- Release Date:2006-07-19
- Latest Modification Date:2025-04-03
Weakness Name
Observable Response Discrepancy
Description
The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.
Common Consequences
Scope: Confidentiality, Access Control
Impact: Read Application Data, Bypass Protection Mechanism