CWE-203
AllowedObservable Discrepancy
Abstraction: Base · Status: Incomplete
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.
836 vulnerabilities reference this CWE, most recent first.
GHSA-VPCR-5M3V-Q2CF
Vulnerability from github – Published: 2022-05-13 01:53 – Updated: 2022-05-13 01:53A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under VIP SSL feature when CPx being used.
{
"affected": [],
"aliases": [
"CVE-2018-9194"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-09-05T13:29:00Z",
"severity": "MODERATE"
},
"details": "A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server\u0027s private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under VIP SSL feature when CPx being used.",
"id": "GHSA-vpcr-5m3v-q2cf",
"modified": "2022-05-13T01:53:52Z",
"published": "2022-05-13T01:53:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9194"
},
{
"type": "WEB",
"url": "https://fortiguard.com/advisory/FG-IR-17-302"
},
{
"type": "WEB",
"url": "https://robotattack.org"
},
{
"type": "WEB",
"url": "https://www.kb.cert.org/vuls/id/144389"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VQ4H-9GHM-QMRR
Vulnerability from github – Published: 2023-03-30 03:30 – Updated: 2023-04-07 19:23HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. An attacker with access to, and the ability to observe a large number of unseal operations on the host through a side channel may reduce the search space of a brute force effort to recover the Shamir shares. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/hashicorp/vault"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.11.9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/hashicorp/vault"
},
"ranges": [
{
"events": [
{
"introduced": "1.12.0"
},
{
"fixed": "1.12.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/hashicorp/vault"
},
"ranges": [
{
"events": [
{
"introduced": "1.13.0"
},
{
"fixed": "1.13.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-25000"
],
"database_specific": {
"cwe_ids": [
"CWE-203",
"CWE-208"
],
"github_reviewed": true,
"github_reviewed_at": "2023-04-07T19:23:01Z",
"nvd_published_at": "2023-03-30T01:15:00Z",
"severity": "MODERATE"
},
"details": "HashiCorp Vault\u0027s implementation of Shamir\u0027s secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. An attacker with access to, and the ability to observe a large number of unseal operations on the host through a side channel may reduce the search space of a brute force effort to recover the Shamir shares. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.",
"id": "GHSA-vq4h-9ghm-qmrr",
"modified": "2023-04-07T19:23:01Z",
"published": "2023-03-30T03:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25000"
},
{
"type": "WEB",
"url": "https://github.com/hashicorp/vault/pull/19495"
},
{
"type": "WEB",
"url": "https://discuss.hashicorp.com/t/hcsec-2023-10-vault-vulnerable-to-cache-timing-attacks-during-seal-and-unseal-operations/52078"
},
{
"type": "PACKAGE",
"url": "https://github.com/hashicorp/vault"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20230526-0008"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "HashiCorp Vault\u0027s implementation of Shamir\u0027s secret sharing vulnerable to cache-timing attacks"
}
GHSA-VQ86-43RV-WRV5
Vulnerability from github – Published: 2022-04-29 02:58 – Updated: 2022-04-29 02:58CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote attackers to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages to be returned.
{
"affected": [],
"aliases": [
"CVE-2004-0778"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2004-10-20T04:00:00Z",
"severity": "MODERATE"
},
"details": "CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote attackers to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages to be returned.",
"id": "GHSA-vq86-43rv-wrv5",
"modified": "2022-04-29T02:58:20Z",
"published": "2022-04-29T02:58:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0778"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17001"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10688"
},
{
"type": "WEB",
"url": "http://www.idefense.com/application/poi/display?id=130\u0026type=vulnerabilities"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/579225"
},
{
"type": "WEB",
"url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:108"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/10955"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-VQQ4-V6W9-FVX4
Vulnerability from github – Published: 2022-04-30 18:19 – Updated: 2022-04-30 18:19PF in OpenBSD 3.0 with the return-rst rule sets the TTL to 128 in the RST packet, which allows remote attackers to determine if a port is being filtered because the TTL is different than the default TTL.
{
"affected": [],
"aliases": [
"CVE-2002-0514"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2002-08-12T04:00:00Z",
"severity": "MODERATE"
},
"details": "PF in OpenBSD 3.0 with the return-rst rule sets the TTL to 128 in the RST packet, which allows remote attackers to determine if a port is being filtered because the TTL is different than the default TTL.",
"id": "GHSA-vqq4-v6w9-fvx4",
"modified": "2022-04-30T18:19:22Z",
"published": "2022-04-30T18:19:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0514"
},
{
"type": "WEB",
"url": "http://www.iss.net/security_center/static/8738.php"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/265188"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/4401"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-VW87-WRX2-XWXQ
Vulnerability from github – Published: 2024-02-20 15:31 – Updated: 2024-02-20 15:31IBM Common Licensing 9.0 could allow a local user to enumerate usernames due to an observable response discrepancy. IBM X-Force ID: 273337.
{
"affected": [],
"aliases": [
"CVE-2023-50306"
],
"database_specific": {
"cwe_ids": [
"CWE-203",
"CWE-204"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-20T14:15:08Z",
"severity": "MODERATE"
},
"details": "IBM Common Licensing 9.0 could allow a local user to enumerate usernames due to an observable response discrepancy. IBM X-Force ID: 273337.",
"id": "GHSA-vw87-wrx2-xwxq",
"modified": "2024-02-20T15:31:04Z",
"published": "2024-02-20T15:31:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50306"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/273337"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7120660"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VWVJ-6VW9-CW8W
Vulnerability from github – Published: 2022-05-24 16:56 – Updated: 2024-04-04 01:59It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.
{
"affected": [],
"aliases": [
"CVE-2019-13627"
],
"database_specific": {
"cwe_ids": [
"CWE-203",
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-09-25T15:15:00Z",
"severity": "MODERATE"
},
"details": "It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.",
"id": "GHSA-vwvj-6vw9-cw8w",
"modified": "2024-04-04T01:59:36Z",
"published": "2022-05-24T16:56:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13627"
},
{
"type": "WEB",
"url": "https://github.com/gpg/libgcrypt/releases/tag/libgcrypt-1.8.5"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00024.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00001.html"
},
{
"type": "WEB",
"url": "https://minerva.crocs.fi.muni.cz"
},
{
"type": "WEB",
"url": "https://security-tracker.debian.org/tracker/CVE-2019-13627"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202003-32"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4236-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4236-2"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4236-3"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00060.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00018.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2019/10/02/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VXH8-6CJW-3MRV
Vulnerability from github – Published: 2022-08-13 00:00 – Updated: 2022-08-16 00:00In LauncherApps, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-202298672
{
"affected": [],
"aliases": [
"CVE-2022-20293"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-12T15:15:00Z",
"severity": "MODERATE"
},
"details": "In LauncherApps, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-202298672",
"id": "GHSA-vxh8-6cjw-3mrv",
"modified": "2022-08-16T00:00:22Z",
"published": "2022-08-13T00:00:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20293"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/android-13"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-W2F9-GH9J-C75F
Vulnerability from github – Published: 2022-04-30 18:22 – Updated: 2022-04-30 18:22Joe Testa hellbent 01 allows remote attackers to determine the full path of the web root directory via a GET request with a relative path that includes the root's parent, which generates a 403 error message if the parent is incorrect, but a normal response if the parent is correct.
{
"affected": [],
"aliases": [
"CVE-2002-2094"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2002-12-31T05:00:00Z",
"severity": "MODERATE"
},
"details": "Joe Testa hellbent 01 allows remote attackers to determine the full path of the web root directory via a GET request with a relative path that includes the root\u0027s parent, which generates a 403 error message if the parent is incorrect, but a normal response if the parent is correct.",
"id": "GHSA-w2f9-gh9j-c75f",
"modified": "2022-04-30T18:22:29Z",
"published": "2022-04-30T18:22:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-2094"
},
{
"type": "WEB",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-01/0228.html"
},
{
"type": "WEB",
"url": "http://www.iss.net/security_center/static/7930.php"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/3908"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-W2FW-QQQW-V63M
Vulnerability from github – Published: 2024-01-31 09:30 – Updated: 2025-11-04 21:31An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario.
{
"affected": [],
"aliases": [
"CVE-2024-23170"
],
"database_specific": {
"cwe_ids": [
"CWE-203",
"CWE-385"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-31T08:15:42Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, as described in \"Everlasting ROBOT: the Marvin Attack\" by Hubert Kario.",
"id": "GHSA-w2fw-qqqw-v63m",
"modified": "2025-11-04T21:31:04Z",
"published": "2024-01-31T09:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23170"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2"
},
{
"type": "WEB",
"url": "https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-W322-W9FV-RX3M
Vulnerability from github – Published: 2024-04-04 15:30 – Updated: 2024-04-04 15:30A timing-based side-channel exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages for decryption. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode.
{
"affected": [],
"aliases": [
"CVE-2024-3296"
],
"database_specific": {
"cwe_ids": [
"CWE-203",
"CWE-208"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-04T14:15:11Z",
"severity": "MODERATE"
},
"details": "A timing-based side-channel exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages for decryption. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode.",
"id": "GHSA-w322-w9fv-rx3m",
"modified": "2024-04-04T15:30:34Z",
"published": "2024-04-04T15:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3296"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2024-3296"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269723"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-46
Strategy: Separation of Privilege
- Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
Mitigation MIT-39
- Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.
- If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.
- Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not.
CAPEC-189: Black Box Reverse Engineering
An adversary discovers the structure, function, and composition of a type of computer software through black box analysis techniques. 'Black Box' methods involve interacting with the software indirectly, in the absence of direct access to the executable object. Such analysis typically involves interacting with the software at the boundaries of where the software interfaces with a larger execution environment, such as input-output vectors, libraries, or APIs. Black Box Reverse Engineering also refers to gathering physical side effects of a hardware device, such as electromagnetic radiation or sounds.