The product's behaviors indicate important differences that may be observed by unauthorized actors in a way that reveals (1) its internal state or decision process, or (2) differences from other products with equivalent functionality.
Ideally, a product should provide as little information about its internal operations as possible. Otherwise, attackers could use knowledge of these internal operations to simplify or optimize their attack. In some cases, behavioral discrepancies can be used by attackers to form a side channel.
2 recorded CVEs are caused by CWE-205 (Observable Behavioral Discrepancy). The highest-severity and most recent are shown first.
What can happen when CWE-205 is exploited.
Read Application Data, Bypass Protection Mechanism
Affects: Confidentiality, Access Control
Typically introduced during these phases of the software lifecycle.
Real CVEs that MITRE cites as examples of this weakness.
CAPEC attack patterns that exploit this weakness.
Common questions about CWE-205.
2 recorded CVEs are attributed to CWE-205: CVE-2024-6129 and CVE-2017-11155.
Exploiting CWE-205 can lead to: Read Application Data, Bypass Protection Mechanism.
2 recorded CVEs are caused by CWE-205; none are currently in CISA's KEV catalog of actively exploited flaws.
Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.