CWE-204

Overview

CWE ID
204

CWE Name
Observable Response Discrepancy

CWE Abstraction
Base

CWE structure
Simple

CWE Status
Incomplete

Description

The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.

Extended Description

This issue frequently occurs during authentication, where a difference in failed-login messages could allow an attacker to determine if the username is valid or not. These exposures can be inadvertent (bug) or intentional (design).

Related CWEs

CWE ID	View ID	Nature	Ordinal
203	1000	ChildOf	Primary

Related CVEs

CVE
CVE-2022-31248
CVE-2022-22520
CVE-2022-41697
CVE-2022-0564
CVE-2023-1540
CVE-2023-27464
CVE-2023-32346
CVE-2023-23449
CVE-2023-28412
CVE-2022-39315
CVE-2023-3221
CVE-2024-31870
CVE-2021-20556
CVE-2023-4095
CVE-2023-3336
CVE-2023-31186
CVE-2023-37217
CVE-2023-27283
CVE-2023-40179
CVE-2023-41885
CVE-2023-23584
CVE-2023-50306
CVE-2023-39343
CVE-2023-35698
CVE-2023-38362
CVE-2024-2482
CVE-2024-6056
CVE-2024-24766
CVE-2024-1145
CVE-2024-28232
CVE-2024-28868
CVE-2024-25146
CVE-2023-50306
CVE-2023-39343
CVE-2023-35698
CVE-2023-38362
CVE-2024-2482
CVE-2024-6056
CVE-2024-24766
CVE-2024-1145
CVE-2024-28232
CVE-2024-28868
CVE-2024-25146
CVE-2024-38322
CVE-2024-36996
CVE-2023-33859
CVE-2024-40627
CVE-2024-39912
CVE-2024-38431
CVE-2024-42343
CVE-2023-49069
CVE-2024-8651
CVE-2024-8651
CVE-2024-8651
CVE-2024-8651
CVE-2024-8651
CVE-2024-8651
CVE-2024-8651
CVE-2024-8651
CVE-2024-41715
CVE-2024-47129
CVE-2024-8651
CVE-2024-41715
CVE-2024-47129
CVE-2024-8651
CVE-2024-41715
CVE-2024-47129
CVE-2024-8651
CVE-2024-41715
CVE-2024-47129
CVE-2024-8651
CVE-2024-41715
CVE-2024-47129
CVE-2024-8651
CVE-2024-41715
CVE-2024-47129
CVE-2024-8651
CVE-2024-41715
CVE-2024-47129
CVE-2024-8651
CVE-2024-41715
CVE-2024-47129
CVE-2024-8651
CVE-2024-41715
CVE-2024-47129
CVE-2024-41715
CVE-2024-47129
CVE-2022-20633
CVE-2024-12663