Observable Behavioral Discrepancy

The product's behaviors indicate important differences that may be observed by unauthorized actors in a way that reveals (1) its internal state or decision process, or (2) differences from other products with equivalent functionality.

  • Source

    CWE Catalog - 4.12

  • Identifier

    CWE-205

  • Status

    Incomplete

Contents

Description

Ideally, a product should provide as little information about its internal operations as possible. Otherwise, attackers could use knowledge of these internal operations to simplify or optimize their attack. In some cases, behavioral discrepancies can be used by attackers to form a side channel.

See Also

Comprehensive Categorization: Sensitive Information Exposure

Weaknesses in this category are related to sensitive information exposure.

SFP Secondary Cluster: State Disclosure

This category identifies Software Fault Patterns (SFPs) within the State Disclosure cluster.

Information Management Errors

Weaknesses in this category are related to improper handling of sensitive information.

Comprehensive CWE Dictionary

This view (slice) covers all the elements in CWE.

Weaknesses Introduced During Implementation

This view (slice) lists weaknesses that can be introduced during implementation.

Weaknesses Introduced During Design

This view (slice) lists weaknesses that can be introduced during design.

Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.