Observable Behavioral Discrepancy
The product's behaviors indicate important differences that may be observed by unauthorized actors in a way that reveals (1) its internal state or decision process, or (2) differences from other products with equivalent functionality.
Ideally, a product should provide as little information about its internal operations as possible. Otherwise, attackers could use knowledge of these internal operations to simplify or optimize their attack. In some cases, behavioral discrepancies can be used by attackers to form a side channel.
Weaknesses in this category are related to sensitive information exposure.
This category identifies Software Fault Patterns (SFPs) within the State Disclosure cluster.
Weaknesses in this category are related to improper handling of sensitive information.
This view (slice) covers all the elements in CWE.
This view (slice) lists weaknesses that can be introduced during implementation.
This view (slice) lists weaknesses that can be introduced during design.