CWE-204 - Observable Response Discrepancy

CWE-204

Abstraction:
Base

Structure:
Simple

Status:
Incomplete

Weakness Name: Observable Response Discrepancy

Description: The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.
This issue frequently occurs during authentication, where a difference in failed-login messages could allow an attacker to determine if the username is valid or not. These exposures can be inadvertent (bug) or intentional (design).

Common Consequences: Scope: Confidentiality, Access Control
Impact: Read Application Data, Bypass Protection Mechanism

Related Weaknesses: CWE-203Observable Discrepancy

Release Date:
2006-07-19

Latest Modification Date:
2023-06-29

Free security scan for your website

Don't show website scan report rating on the leaderboard