CWE-203
AllowedObservable Discrepancy
Abstraction: Base · Status: Incomplete
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.
836 vulnerabilities reference this CWE, most recent first.
GHSA-CXPR-VCG6-3H3Q
Vulnerability from github – Published: 2023-06-12 18:30 – Updated: 2024-04-04 04:43AMI BMC contains a vulnerability in the IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid username, which may lead to information disclosure.
{
"affected": [],
"aliases": [
"CVE-2023-34344"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-12T17:15:10Z",
"severity": "MODERATE"
},
"details": "AMI BMC contains a vulnerability in the IPMI\nhandler, where an unauthorized attacker can use certain oracles to guess a\nvalid username, which may lead to information disclosure.\n\n\n\n\n\n",
"id": "GHSA-cxpr-vcg6-3h3q",
"modified": "2024-04-04T04:43:32Z",
"published": "2023-06-12T18:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34344"
},
{
"type": "WEB",
"url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023005.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-F25W-HJCW-X829
Vulnerability from github – Published: 2022-05-24 17:22 – Updated: 2024-04-26 00:30PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client).
{
"affected": [],
"aliases": [
"CVE-2020-14002"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-06-29T18:15:00Z",
"severity": "MODERATE"
},
"details": "PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client).",
"id": "GHSA-f25w-hjcw-x829",
"modified": "2024-04-26T00:30:35Z",
"published": "2022-05-24T17:22:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14002"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26TACCSQYYCPWAJYNAUIXJGZ5RGORJZV"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JPV4A77EDCT4BTFO5BE26ZH72BG4E5IJ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/26TACCSQYYCPWAJYNAUIXJGZ5RGORJZV"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JPV4A77EDCT4BTFO5BE26ZH72BG4E5IJ"
},
{
"type": "WEB",
"url": "https://lists.tartarus.org/pipermail/putty-announce"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20200717-0003"
},
{
"type": "WEB",
"url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html"
},
{
"type": "WEB",
"url": "https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-F452-FG56-FX5M
Vulnerability from github – Published: 2022-05-24 22:28 – Updated: 2022-05-24 22:28An exposure of sensitive information vulnerability exists in TCExam <= 14.8.1. If a password reset request was made for an email address that was not registered with a user then we would be presented with an ‘unknown email’ error. If an email is given that is registered with a user then this error will not appear. A malicious actor could abuse this to enumerate the email addresses of
{
"affected": [],
"aliases": [
"CVE-2021-20113"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-07-30T14:15:00Z",
"severity": "MODERATE"
},
"details": "An exposure of sensitive information vulnerability exists in TCExam \u003c= 14.8.1. If a password reset request was made for an email address that was not registered with a user then we would be presented with an \u2018unknown email\u2019 error. If an email is given that is registered with a user then this error will not appear. A malicious actor could abuse this to enumerate the email addresses of",
"id": "GHSA-f452-fg56-fx5m",
"modified": "2022-05-24T22:28:35Z",
"published": "2022-05-24T22:28:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20113"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/research/tra-2021-32"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-F4MG-7M9F-26XV
Vulnerability from github – Published: 2023-08-15 00:31 – Updated: 2024-04-04 06:57This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 16.4 and iPadOS 16.4. A person with physical access to an iOS device may be able to view the last image used in Magnifier from the lock screen.
{
"affected": [],
"aliases": [
"CVE-2022-46724"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-14T23:15:10Z",
"severity": "LOW"
},
"details": "This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 16.4 and iPadOS 16.4. A person with physical access to an iOS device may be able to view the last image used in Magnifier from the lock screen.",
"id": "GHSA-f4mg-7m9f-26xv",
"modified": "2024-04-04T06:57:27Z",
"published": "2023-08-15T00:31:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46724"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213676"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-F58F-H8W5-JGJR
Vulnerability from github – Published: 2022-05-24 19:17 – Updated: 2022-06-24 00:00Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm.
{
"affected": [],
"aliases": [
"CVE-2021-38562"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-10-18T09:15:00Z",
"severity": "HIGH"
},
"details": "Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm.",
"id": "GHSA-f58f-h8w5-jgjr",
"modified": "2022-06-24T00:00:32Z",
"published": "2022-05-24T19:17:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38562"
},
{
"type": "WEB",
"url": "https://github.com/bestpractical/rt/commit/70749bb66cb13dd70bd53340c371038a5f3ca57c"
},
{
"type": "WEB",
"url": "https://docs.bestpractical.com/release-notes/rt/index.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00019.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2JK57CEEXLQF7MGBCUX76DZHXML7LUSQ"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-F5X4-GF23-WQM9
Vulnerability from github – Published: 2026-03-19 21:30 – Updated: 2026-03-23 21:30wolfSSL 5.8.4 on RISC-V RV32I architectures lacks a constant-time software implementation for 64-bit multiplication. The compiler-inserted __muldi3 subroutine executes in variable time based on operand values. This affects multiple SP math functions (sp_256_mul_9, sp_256_sqr_9, etc.), leading to a timing side-channel that may expose sensitive cryptographic data.
{
"affected": [],
"aliases": [
"CVE-2026-3579"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-19T20:16:14Z",
"severity": "LOW"
},
"details": "wolfSSL 5.8.4 on RISC-V RV32I architectures lacks a constant-time software implementation for 64-bit multiplication. The compiler-inserted __muldi3 subroutine executes in variable time based on operand values. This affects multiple SP math functions (sp_256_mul_9, sp_256_sqr_9, etc.), leading to a timing side-channel that may expose sensitive cryptographic data.",
"id": "GHSA-f5x4-gf23-wqm9",
"modified": "2026-03-23T21:30:49Z",
"published": "2026-03-19T21:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3579"
},
{
"type": "WEB",
"url": "https://github.com/wolfSSL/wolfssl/pull/9855"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-F63C-CRJV-GHR6
Vulnerability from github – Published: 2023-10-30 18:30 – Updated: 2023-11-06 18:30In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2023-21318"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-30T17:15:48Z",
"severity": "MODERATE"
},
"details": "In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.",
"id": "GHSA-f63c-crjv-ghr6",
"modified": "2023-11-06T18:30:18Z",
"published": "2023-10-30T18:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21318"
},
{
"type": "WEB",
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-F7HC-7G36-W53C
Vulnerability from github – Published: 2022-04-29 02:57 – Updated: 2022-04-29 02:57AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, displays a different message if the password is correct, which allows remote attackers to guess the password via brute force methods.
{
"affected": [],
"aliases": [
"CVE-2004-0243"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2004-11-23T05:00:00Z",
"severity": "MODERATE"
},
"details": "AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, displays a different message if the password is correct, which allows remote attackers to guess the password via brute force methods.",
"id": "GHSA-f7hc-7g36-w53c",
"modified": "2022-04-29T02:57:23Z",
"published": "2022-04-29T02:57:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0243"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15172"
},
{
"type": "WEB",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-02/0313.html"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=107583269206044\u0026w=2"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-F8PQ-R7MV-PVXM
Vulnerability from github – Published: 2022-05-24 17:40 – Updated: 2022-05-24 17:40A username enumeration issue was discovered in SquaredUp before version 4.6.0. The login functionality was implemented in a way that would enable a malicious user to guess valid username due to a different response time from invalid usernames.
{
"affected": [],
"aliases": [
"CVE-2020-9389"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-02-03T20:15:00Z",
"severity": "MODERATE"
},
"details": "A username enumeration issue was discovered in SquaredUp before version 4.6.0. The login functionality was implemented in a way that would enable a malicious user to guess valid username due to a different response time from invalid usernames.",
"id": "GHSA-f8pq-r7mv-pvxm",
"modified": "2022-05-24T17:40:55Z",
"published": "2022-05-24T17:40:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9389"
},
{
"type": "WEB",
"url": "https://support.squaredup.com/hc/en-us/articles/360017255858"
},
{
"type": "WEB",
"url": "https://support.squaredup.com/hc/en-us/articles/360019427238-CVE-2020-9389-Username-enumeration-possible-via-a-timing-attack"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-F8VM-23J7-PF2R
Vulnerability from github – Published: 2024-01-23 03:31 – Updated: 2026-04-02 21:31A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An attacker may be able to decrypt legacy RSA PKCS#1 v1.5 ciphertexts without having the private key.
{
"affected": [],
"aliases": [
"CVE-2024-23218"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-23T01:15:11Z",
"severity": "MODERATE"
},
"details": "A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An attacker may be able to decrypt legacy RSA PKCS#1 v1.5 ciphertexts without having the private key.",
"id": "GHSA-f8vm-23j7-pf2r",
"modified": "2026-04-02T21:31:35Z",
"published": "2024-01-23T03:31:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23218"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120304"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120306"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120309"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120311"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120880"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120884"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120886"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214055"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214059"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214060"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214061"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214055"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214059"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214061"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214082"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214083"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214085"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Jan/33"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Jan/36"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Jan/39"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Jan/40"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Mar/22"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Mar/23"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-46
Strategy: Separation of Privilege
- Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
Mitigation MIT-39
- Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.
- If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.
- Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not.
CAPEC-189: Black Box Reverse Engineering
An adversary discovers the structure, function, and composition of a type of computer software through black box analysis techniques. 'Black Box' methods involve interacting with the software indirectly, in the absence of direct access to the executable object. Such analysis typically involves interacting with the software at the boundaries of where the software interfaces with a larger execution environment, such as input-output vectors, libraries, or APIs. Black Box Reverse Engineering also refers to gathering physical side effects of a hardware device, such as electromagnetic radiation or sounds.