Common Weakness Enumeration

CWE-203

Allowed

Observable Discrepancy

Abstraction: Base · Status: Incomplete

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.

836 vulnerabilities reference this CWE, most recent first.

GHSA-626R-77W5-MMMJ

Vulnerability from github – Published: 2025-07-02 21:32 – Updated: 2025-07-02 21:32
VLAI
Details

A padding oracle vulnerability exists in Google Chrome’s AppBound cookie encryption mechanism due to observable decryption failure behavior in Windows Event Logs when handling malformed ciphertext in SYSTEM-DPAPI-encrypted blobs. A local attacker can repeatedly send malformed ciphertexts to the Chrome elevation service and distinguish between padding and MAC errors, enabling a padding oracle attack. This allows partial decryption of the SYSTEM-DPAPI layer and eventual recovery of the user-DPAPI encrypted cookie key, which is trivially decrypted by the attacker’s own context. This issue undermines the core purpose of AppBound Encryption by enabling low-privileged cookie theft through cryptographic misuse and verbose error feedback.

Confirmed in Google Chrome with AppBound Encryption enabled. Other Chromium-based browsers may be affected if they implement similar COM-based encryption mechanisms.

This behavior arises from a combination of Chrome’s AppBound implementation and the way Microsoft Windows DPAPI reports decryption failures via Event Logs. As such, the vulnerability relies on cryptographic behavior and error visibility in all supported versions of Windows.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-34091"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-02T20:15:30Z",
    "severity": "HIGH"
  },
  "details": "A padding oracle vulnerability exists in Google Chrome\u2019s AppBound cookie encryption mechanism due to observable decryption failure behavior in Windows Event Logs when handling malformed ciphertext in SYSTEM-DPAPI-encrypted blobs. A local attacker can repeatedly send malformed ciphertexts to the Chrome elevation service and distinguish between padding and MAC errors, enabling a padding oracle attack. This allows partial decryption of the SYSTEM-DPAPI layer and eventual recovery of the user-DPAPI encrypted cookie key, which is trivially decrypted by the attacker\u2019s own context. This issue undermines the core purpose of AppBound Encryption by enabling low-privileged cookie theft through cryptographic misuse and verbose error feedback.\n\nConfirmed in Google Chrome with AppBound Encryption enabled. Other Chromium-based browsers may be affected if they implement similar COM-based encryption mechanisms.\n\nThis behavior arises from a combination of Chrome\u2019s AppBound implementation and the way Microsoft Windows DPAPI reports decryption failures via Event Logs. As such, the vulnerability relies on cryptographic behavior and error visibility in all supported versions of Windows.",
  "id": "GHSA-626r-77w5-mmmj",
  "modified": "2025-07-02T21:32:00Z",
  "published": "2025-07-02T21:32:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-34091"
    },
    {
      "type": "WEB",
      "url": "https://vulncheck.com/advisories/google-chrome-appbound-cookie-encryption"
    },
    {
      "type": "WEB",
      "url": "https://www.cyberark.com/resources/threat-research-blog/c4-bomb-blowing-up-chromes-appbound-cookie-encryption"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-643M-J2P7-PHVX

Vulnerability from github – Published: 2022-05-24 19:09 – Updated: 2022-05-24 19:09
VLAI
Details

In MB connect line mymbCONNECT24, mbCONNECT24 in versions <= 2.8.0 an unauthenticated user can enumerate valid users by checking what kind of response the server sends.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-34575"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-02T11:15:00Z",
    "severity": "HIGH"
  },
  "details": "In MB connect line mymbCONNECT24, mbCONNECT24 in versions \u003c= 2.8.0 an unauthenticated user can enumerate valid users by checking what kind of response the server sends.",
  "id": "GHSA-643m-j2p7-phvx",
  "modified": "2022-05-24T19:09:36Z",
  "published": "2022-05-24T19:09:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34575"
    },
    {
      "type": "WEB",
      "url": "https://cert.vde.com/de-de/advisories/vde-2021-030"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-64W3-4QX7-XQ7R

Vulnerability from github – Published: 2021-12-16 00:01 – Updated: 2021-12-18 00:01
VLAI
Details

In getDeviceId of PhoneSubInfoController.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-185591180

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-0990"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-15T19:15:00Z",
    "severity": "LOW"
  },
  "details": "In getDeviceId of PhoneSubInfoController.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-185591180",
  "id": "GHSA-64w3-4qx7-xq7r",
  "modified": "2021-12-18T00:01:23Z",
  "published": "2021-12-16T00:01:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0990"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/pixel/2021-12-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-654X-9Q7R-G966

Vulnerability from github – Published: 2026-02-02 21:52 – Updated: 2026-02-11 14:14
VLAI
Summary
CI4MS Vulnerable to User Email Enumeration via Password Reset Flow
Details

Summary

The authentication implementation in CI4MS is vulnerable to email enumeration. An unauthenticated attacker can determine whether an email address is registered in the system by analyzing the application's response during the password reset process.

Vulnerability Details

  • The password reset flow returns different responses based on whether the provided email address exists in the database or not.
  • If the email is registered, the system typically returns a success message (e.g., "Password reset link has been sent").

If the email is not registered, the system returns an error message (e.g., "User not found" or a different HTTP status code).

This discrepancy allows attackers to programmatically "enumerate" or confirm valid user emails, which can then be used for targeted phishing attacks or brute-force attempts.

Steps to Reproduce

  1. Navigate to the password reset page of the CI4MS installation.
  2. Enter an email address that you know is not registered (e.g., nonexistent@example.com) and submit. Note the response message/code.
  3. Enter an email address that is registered (e.g., an admin or test account) and submit. Note the different response.
  4. The difference between these two responses confirms the enumeration vulnerability.

Suggested Mitigation

Implement a uniform, generic response for all password reset requests, regardless of whether the email exists. Recommended message: "If an account is associated with this email address, a password reset link has been sent."

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "ci4-cms-erp/ci4ms"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.28.5.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-25509"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203",
      "CWE-204"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-02T21:52:06Z",
    "nvd_published_at": "2026-02-03T22:16:31Z",
    "severity": "MODERATE"
  },
  "details": "**Summary**\n\nThe authentication implementation in CI4MS is vulnerable to email enumeration. An unauthenticated attacker can determine whether an email address is registered in the system by analyzing the application\u0027s response during the password reset process.\n\n**Vulnerability Details**\n\n- The password reset flow returns different responses based on whether the provided email address exists in the database or not.\n- If the email is registered, the system typically returns a success message (e.g., \"Password reset link has been sent\").\n\nIf the email is not registered, the system returns an error message (e.g., \"User not found\" or a different HTTP status code).\n\nThis discrepancy allows attackers to programmatically \"enumerate\" or confirm valid user emails, which can then be used for targeted phishing attacks or brute-force attempts.\n\n**Steps to Reproduce**\n\n1. Navigate to the password reset page of the CI4MS installation.\n2. Enter an email address that you know is not registered (e.g., nonexistent@example.com) and submit. Note the response message/code.\n3. Enter an email address that is registered (e.g., an admin or test account) and submit. Note the different response.\n4. The difference between these two responses confirms the enumeration vulnerability.\n\n**Suggested Mitigation**\n\nImplement a uniform, generic response for all password reset requests, regardless of whether the email exists. Recommended message: \"If an account is associated with this email address, a password reset link has been sent.\"",
  "id": "GHSA-654x-9q7r-g966",
  "modified": "2026-02-11T14:14:07Z",
  "published": "2026-02-02T21:52:06Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-654x-9q7r-g966"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25509"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ci4-cms-erp/ci4ms/commit/86be2930d1c54eb7575102563302b2f3bafcb653"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ci4-cms-erp/ci4ms"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "CI4MS Vulnerable to User Email Enumeration via Password Reset Flow"
}

GHSA-679X-V483-Q6X9

Vulnerability from github – Published: 2024-07-22 21:30 – Updated: 2024-08-01 15:32
VLAI
Details

In veilid-core in Veilid before 0.3.4, the protocol's ping function can be misused in a way that decreases the effectiveness of safety and private routes.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-41880"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-22T19:15:02Z",
    "severity": "MODERATE"
  },
  "details": "In veilid-core in Veilid before 0.3.4, the protocol\u0027s ping function can be misused in a way that decreases the effectiveness of safety and private routes.",
  "id": "GHSA-679x-v483-q6x9",
  "modified": "2024-08-01T15:32:06Z",
  "published": "2024-07-22T21:30:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41880"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/veilid/veilid/-/issues/395"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-67C4-7F3G-R556

Vulnerability from github – Published: 2023-12-21 21:30 – Updated: 2023-12-21 21:30
VLAI
Details

An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.This issue affects GSDK: through 4.4.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-41097"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203",
      "CWE-208"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-21T21:15:08Z",
    "severity": "MODERATE"
  },
  "details": "An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.This issue affects GSDK: through 4.4.0.\n\n",
  "id": "GHSA-67c4-7f3g-r556",
  "modified": "2023-12-21T21:30:31Z",
  "published": "2023-12-21T21:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41097"
    },
    {
      "type": "WEB",
      "url": "https://github.com/SiliconLabs/gecko_sdk/releases"
    },
    {
      "type": "WEB",
      "url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm0000007rArIAI?operationContext=S1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-688C-3X49-6RQJ

Vulnerability from github – Published: 2018-03-07 22:22 – Updated: 2023-08-29 15:23
VLAI
Summary
rack-protection gem timing attack vulnerability when validating CSRF token
Details

Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in signatures can be exposed. This attack appear to be exploitable via network connectivity to the ruby application. This vulnerability appears to have been fixed in 1.5.5 and 2.0.0.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "rack-protection"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.5.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.0.0.rc3"
      },
      "package": {
        "ecosystem": "RubyGems",
        "name": "rack-protection"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0.beta1"
            },
            {
              "fixed": "2.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-1000119"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:18:34Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in signatures can be exposed. This attack appear to be exploitable via network connectivity to the ruby application. This vulnerability appears to have been fixed in 1.5.5 and 2.0.0.",
  "id": "GHSA-688c-3x49-6rqj",
  "modified": "2023-08-29T15:23:28Z",
  "published": "2018-03-07T22:22:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000119"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sinatra/rack-protection/pull/98"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sinatra/sinatra/commit/8aa6c42ef724f93ae309fb7c5668e19ad547eceb#commitcomment-27964109"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:1060"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack-protection/CVE-2018-1000119.yml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/sinatra/rack-protection"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4247"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "rack-protection gem timing attack vulnerability when validating CSRF token"
}

GHSA-68CW-2C7V-6C2C

Vulnerability from github – Published: 2025-01-30 21:31 – Updated: 2025-02-05 06:30
VLAI
Details

A specific authentication strategy allows to learn ids of PAM users associated with certain authentication types.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-24506"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-30T19:15:17Z",
    "severity": "MODERATE"
  },
  "details": "A specific authentication strategy allows to learn ids of PAM users associated with certain authentication types.",
  "id": "GHSA-68cw-2c7v-6c2c",
  "modified": "2025-02-05T06:30:26Z",
  "published": "2025-01-30T21:31:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24506"
    },
    {
      "type": "WEB",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24678"
    },
    {
      "type": "WEB",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25362"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-68RX-38CM-WRMP

Vulnerability from github – Published: 2022-12-20 21:30 – Updated: 2022-12-20 21:30
VLAI
Details

In placeCall of TelecomManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231988638

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-20531"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-16T16:15:00Z",
    "severity": "LOW"
  },
  "details": "In placeCall of TelecomManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231988638",
  "id": "GHSA-68rx-38cm-wrmp",
  "modified": "2022-12-20T21:30:19Z",
  "published": "2022-12-20T21:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20531"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/docs/security/bulletin/android-14"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/pixel/2022-12-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-69GH-8Q3C-PHMC

Vulnerability from github – Published: 2024-02-11 03:30 – Updated: 2024-08-01 15:31
VLAI
Details

In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. (The fix uses gnutls_memcmp, which has constant-time execution.)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-25714"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1255",
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-11T03:15:09Z",
    "severity": "CRITICAL"
  },
  "details": "In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. (The fix uses gnutls_memcmp, which has constant-time execution.)",
  "id": "GHSA-69gh-8q3c-phmc",
  "modified": "2024-08-01T15:31:26Z",
  "published": "2024-02-11T03:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25714"
    },
    {
      "type": "WEB",
      "url": "https://github.com/babelouest/rhonabwy/commit/f9fd9a1c77e48b514ebb3baf0360f87eef3d846e"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-46
Architecture and Design

Strategy: Separation of Privilege

  • Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
  • Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
Mitigation MIT-39
Implementation
  • Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.
  • If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.
  • Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not.
CAPEC-189: Black Box Reverse Engineering

An adversary discovers the structure, function, and composition of a type of computer software through black box analysis techniques. 'Black Box' methods involve interacting with the software indirectly, in the absence of direct access to the executable object. Such analysis typically involves interacting with the software at the boundaries of where the software interfaces with a larger execution environment, such as input-output vectors, libraries, or APIs. Black Box Reverse Engineering also refers to gathering physical side effects of a hardware device, such as electromagnetic radiation or sounds.