Base · Incomplete

CWE-203 Observable Discrepancy

Category: other

Description

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.

Common consequences · 2

  • Confidentiality / Access Control — Read Application Data, Bypass Protection Mechanism
    An attacker can learn sensitive information about the system, including authentication information that may let them gain access to it. Other security-relevant details about the operation or internal state of the product may also be revealed to an unauthorized actor, such as whether a particular operation succeeded.
  • Confidentiality — Read Application Data
    In some cases an attacker can turn the discrepancy into a side channel (for example, differences in timing or in error messages). When a cryptographic implementation is vulnerable to such side-channel attacks, the discrepancy can reveal plaintext in the worst case.

Potential mitigations · 2

  • [Architecture and Design]
  • [Implementation]
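Worked example, added here and not part of the CWE entry or any MITRE code: a login check that exhibits both consequences listed above (a response discrepancy that lets usernames be enumerated, and a timing discrepancy because the password hash is only computed for accounts that exist) beside a version that returns one failure message, does the same work on every path and compares digests in constant time. The user table, salt, passwords and function names are constructed for illustration.

```python
"""CWE-203 in a login check: a leaky implementation beside a uniform one.

Added example, not part of the CWE entry or any MITRE code. The user table,
salt, passwords and function names below are constructed for illustration.
"""
import hashlib
import hmac
from typing import Callable

# Constructed demo data: a fixed salt and one account. Not real credentials.
_SALT = b"constructed-demo-salt"
_ITERATIONS = 10_000


def _derive(password: str) -> bytes:
    """Slow password hash (PBKDF2-HMAC-SHA256) used by both variants."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, _ITERATIONS)


USERS = {"alice": _derive("correct horse battery staple")}


def login_leaky(username: str, password: str) -> str:
    """Vulnerable form.

    Two observable discrepancies:
      * the response text differs for an unknown user versus a wrong password,
        so usernames can be enumerated (observable response discrepancy);
      * the expensive hash is only computed when the user exists, so an
        unknown user is answered measurably faster (timing discrepancy).
    """
    stored = USERS.get(username)
    if stored is None:
        return "unknown user"
    if _derive(password) != stored:
        return "wrong password"
    return "ok"


# Pre-computed hash that stands in for the stored hash of a nonexistent user,
# so the same PBKDF2 work is done whether or not the account exists.
_DUMMY_HASH = _derive("placeholder-not-a-real-password")


def login_uniform(username: str, password: str) -> str:
    """Hardened form: one failure message, same work on every path, and a
    constant-time digest comparison so the match itself leaks no timing."""
    known = username in USERS
    stored = USERS.get(username, _DUMMY_HASH)
    candidate = _derive(password)
    # Bitwise & instead of 'and' so both operands are always evaluated, and a
    # password that happens to match the dummy hash still fails for unknown users.
    valid = hmac.compare_digest(candidate, stored) & known
    return "ok" if valid else "invalid credentials"


def leaks_user_existence(login: Callable[[str, str], str]) -> bool:
    """Black-box probe: does the response distinguish a nonexistent account
    from an existing one with a wrong password?"""
    return login("nobody", "x") != login("alice", "x")


if __name__ == "__main__":
    for fn in (login_leaky, login_uniform):
        print(fn.__name__, "leaks user existence:", leaks_user_existence(fn))
```

The dummy hash only equalises the expensive step; it does not remove every timing signal (dictionary lookup, network jitter), and the probe above inspects response text only. A timing probe is left out because it needs many samples per input to be meaningful.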

Related CAPEC attack patterns · 1

CAPEC-189 Black Box Reverse Engineering

References

  1. https://cwe.mitre.org/data/definitions/203.html

Exploits (incoming) · 1

Type          | Target                                     | Confidence | Tier
AttackPattern | Black Box Reverse Engineering (capec-189)  | 100%       | live

Vulnerabilities and KEV entries (incoming) · 5

Type          | Target                                                                  | Confidence | Tier
Vulnerability | CVE-2025-10890 (cve-2025-10890)                                         | 0%         | live
Vulnerability | CVE-2025-27667 (cve-2025-27667)                                         | 0%         | live
Vulnerability | CVE-2026-23519 (cve-2026-23519)                                         | 0%         | live
Vulnerability | CVE-2026-41588 (cve-2026-41588)                                         | 0%         | live
KEVEntry      | Twilio Authy Information Disclosure Vulnerability (kev-cve-2024-39891)  | 0%         | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Observable Response Discrepancy
  • CWE: Observable Behavioral Discrepancy
  • CWE: Improper Access Control
  • CWE: Incorrect Comparison
  • CWE: Reliance on Untrusted Inputs in a Security Decision
  • CWE: Insufficient Verification of Data Authenticity

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.