CWE-205: Observable Behavioral Discrepancy
The product's behaviors indicate important differences that may be observed by unauthorized actors in a way that reveals (1) its internal state or decision process, or (2) differences from other products with equivalent functionality.
Last updated
Overview
Ideally, a product should provide as little information about its internal operations as possible. Otherwise, attackers could use knowledge of these internal operations to simplify or optimize their attack. In some cases, behavioral discrepancies can be used by attackers to form a side channel.
Real-world CVEs
2 recorded CVEs are caused by CWE-205 (Observable Behavioral Discrepancy). The highest-severity and most recent are shown first.
Common consequences
What can happen when CWE-205 is exploited.
Read Application Data, Bypass Protection Mechanism
Affects: Confidentiality, Access Control