CWE-205
Observable Behavioral Discrepancy
AI Translation Available
The product's behaviors indicate important differences that may be observed by unauthorized actors in a way that reveals (1) its internal state or decision process, or (2) differences from other products with equivalent functionality.
Status
incomplete
Abstraction
base
Affected Platforms
Extended Description
AI Translation
Ideally, a product should provide as little information about its internal operations as possible. Otherwise, attackers could use knowledge of these internal operations to simplify or optimize their attack. In some cases, behavioral discrepancies can be used by attackers to form a side channel.
Technical Details
AI Translation
Common Consequences
confidentiality
access control
Impacts
read application data
bypass protection mechanism