CWE-203
Observable Discrepancy
Description
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-189
CVEs mapped to this weakness (224)
page 11 of 12| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-18887 | — | 0.00 | — | 0.01 | Nov 21, 2019 | An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. The UriSigner was subject to timing attacks. This is related to symfony/http-kernel. | ||
| CVE-2019-18886 | — | 0.00 | — | 0.02 | Nov 21, 2019 | An issue was discovered in Symfony 4.2.0 to 4.2.11 and 4.3.0 to 4.3.7. The ability to enumerate users was possible due to different handling depending on whether the user existed when making unauthorized attempts to use the switch users functionality. This is related to… | ||
| CVE-2019-10764 | — | 0.00 | — | 0.01 | Nov 18, 2019 | In elliptic-php versions priot to 1.0.6, Timing attacks might be possible which can result in practical recovery of the long-term private key generated by the library under certain conditions. Leakage of a bit-length of the scalar during scalar multiplication is possible on an… | ||
| CVE-2019-13628 | — | 0.00 | — | 0.00 | Oct 3, 2019 | wolfSSL and wolfCrypt 4.0.0 and earlier (when configured without --enable-fpecc, --enable-sp, or --enable-sp-math) contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to precisely measure the duration of signature operations, to infer… | ||
| CVE-2019-16669 | — | 0.00 | — | 0.01 | Sep 21, 2019 | The Reset Password feature in Pagekit 1.0.17 gives a different response depending on whether the e-mail address of a valid user account is entered, which might make it easier for attackers to enumerate accounts. | ||
| CVE-2019-1020002 | 0.00 | — | 0.01 | Jul 29, 2019 | Pterodactyl before 0.7.14 with 2FA allows credential sniffing. | |||
| CVE-2013-1620 | 0.00 | — | 0.04 | Feb 8, 2013 | The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and… | |||
| CVE-2007-6721 | 0.00 | — | 0.02 | Mar 30, 2009 | The Legion of the Bouncy Castle Java Cryptography API before release 1.38, as used in Crypto Provider Package before 1.36, has unknown impact and remote attack vectors related to "a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes." | |||
| CVE-2005-1650 | 0.00 | — | 0.02 | May 18, 2005 | The web mail service in Woppoware PostMaster 4.2.2 (build 3.2.5) generates different error messages depending on whether a user exists or not, which allows remote attackers to determine valid usernames. | |||
| CVE-2005-0918 | 0.00 | — | 0.02 | May 5, 2005 | The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and earlier, when running on Internet Explorer, allows remote attackers to determine the existence of arbitrary files by setting the src property to the target filename and using Javascript to determine if the web page… | |||
| CVE-2004-2252 | 0.00 | — | 0.04 | Dec 31, 2004 | The firewall in Astaro Security Linux before 4.024 sends responses to SYN-FIN packets, which makes it easier for remote attackers to obtain information about the system and construct specialized attacks. | |||
| CVE-2004-2150 | 0.00 | — | 0.02 | Dec 31, 2004 | Nettica Corporation INTELLIPEER Email Server 1.01 displays different error messages for valid and invalid account names, which allows remote attackers to determine valid account names. | |||
| CVE-2004-1428 | 0.00 | — | 0.03 | Dec 31, 2004 | ArGoSoft FTP before 1.4.2.1 generates an error message if the user name does not exist instead of prompting for a password, which allows remote attackers to determine valid usernames. | |||
| CVE-2004-0294 | 0.00 | — | 0.02 | Nov 23, 2004 | YaBB 1 SP 1.3.1 displays different error messages when a user exists or not, which makes it easier for remote attackers to identify valid users and conduct a brute force password guessing attack. | |||
| CVE-2004-0243 | 0.00 | — | 0.02 | Nov 23, 2004 | AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, displays a different message if the password is correct, which allows remote attackers to guess the password via brute force methods. | |||
| CVE-2004-0778 | 0.00 | — | 0.02 | Oct 20, 2004 | CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote attackers to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages to be returned. | |||
| CVE-2003-0637 | 0.00 | — | 0.01 | Aug 27, 2003 | Novell iChain 2.2 before Support Pack 1 uses a shorter timeout for a non-existent user than a valid user, which makes it easier for remote attackers to guess usernames and conduct brute force password guessing. | |||
| CVE-2002-2094 | 0.00 | — | 0.03 | Dec 31, 2002 | Joe Testa hellbent 01 allows remote attackers to determine the full path of the web root directory via a GET request with a relative path that includes the root's parent, which generates a 403 error message if the parent is incorrect, but a normal response if the parent is… | |||
| CVE-2002-0514 | 0.00 | — | 0.02 | Aug 12, 2002 | PF in OpenBSD 3.0 with the return-rst rule sets the TTL to 128 in the RST packet, which allows remote attackers to determine if a port is being filtered because the TTL is different than the default TTL. | |||
| CVE-2002-0515 | 0.00 | — | 0.02 | Aug 12, 2002 | IPFilter 3.4.25 and earlier sets a different TTL when a port is being filtered than when it is not being filtered, which allows remote attackers to identify filtered ports by comparing TTLs. |
- CVE-2019-18887Nov 21, 2019risk 0.00cvss —epss 0.01
An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. The UriSigner was subject to timing attacks. This is related to symfony/http-kernel.
- CVE-2019-18886Nov 21, 2019risk 0.00cvss —epss 0.02
An issue was discovered in Symfony 4.2.0 to 4.2.11 and 4.3.0 to 4.3.7. The ability to enumerate users was possible due to different handling depending on whether the user existed when making unauthorized attempts to use the switch users functionality. This is related to…
- CVE-2019-10764Nov 18, 2019risk 0.00cvss —epss 0.01
In elliptic-php versions priot to 1.0.6, Timing attacks might be possible which can result in practical recovery of the long-term private key generated by the library under certain conditions. Leakage of a bit-length of the scalar during scalar multiplication is possible on an…
- CVE-2019-13628Oct 3, 2019risk 0.00cvss —epss 0.00
wolfSSL and wolfCrypt 4.0.0 and earlier (when configured without --enable-fpecc, --enable-sp, or --enable-sp-math) contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to precisely measure the duration of signature operations, to infer…
- CVE-2019-16669Sep 21, 2019risk 0.00cvss —epss 0.01
The Reset Password feature in Pagekit 1.0.17 gives a different response depending on whether the e-mail address of a valid user account is entered, which might make it easier for attackers to enumerate accounts.
- CVE-2019-1020002Jul 29, 2019risk 0.00cvss —epss 0.01
Pterodactyl before 0.7.14 with 2FA allows credential sniffing.
- CVE-2013-1620Feb 8, 2013risk 0.00cvss —epss 0.04
The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and…
- CVE-2007-6721Mar 30, 2009risk 0.00cvss —epss 0.02
The Legion of the Bouncy Castle Java Cryptography API before release 1.38, as used in Crypto Provider Package before 1.36, has unknown impact and remote attack vectors related to "a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes."
- CVE-2005-1650May 18, 2005risk 0.00cvss —epss 0.02
The web mail service in Woppoware PostMaster 4.2.2 (build 3.2.5) generates different error messages depending on whether a user exists or not, which allows remote attackers to determine valid usernames.
- CVE-2005-0918May 5, 2005risk 0.00cvss —epss 0.02
The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and earlier, when running on Internet Explorer, allows remote attackers to determine the existence of arbitrary files by setting the src property to the target filename and using Javascript to determine if the web page…
- CVE-2004-2252Dec 31, 2004risk 0.00cvss —epss 0.04
The firewall in Astaro Security Linux before 4.024 sends responses to SYN-FIN packets, which makes it easier for remote attackers to obtain information about the system and construct specialized attacks.
- CVE-2004-2150Dec 31, 2004risk 0.00cvss —epss 0.02
Nettica Corporation INTELLIPEER Email Server 1.01 displays different error messages for valid and invalid account names, which allows remote attackers to determine valid account names.
- CVE-2004-1428Dec 31, 2004risk 0.00cvss —epss 0.03
ArGoSoft FTP before 1.4.2.1 generates an error message if the user name does not exist instead of prompting for a password, which allows remote attackers to determine valid usernames.
- CVE-2004-0294Nov 23, 2004risk 0.00cvss —epss 0.02
YaBB 1 SP 1.3.1 displays different error messages when a user exists or not, which makes it easier for remote attackers to identify valid users and conduct a brute force password guessing attack.
- CVE-2004-0243Nov 23, 2004risk 0.00cvss —epss 0.02
AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, displays a different message if the password is correct, which allows remote attackers to guess the password via brute force methods.
- CVE-2004-0778Oct 20, 2004risk 0.00cvss —epss 0.02
CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote attackers to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages to be returned.
- CVE-2003-0637Aug 27, 2003risk 0.00cvss —epss 0.01
Novell iChain 2.2 before Support Pack 1 uses a shorter timeout for a non-existent user than a valid user, which makes it easier for remote attackers to guess usernames and conduct brute force password guessing.
- CVE-2002-2094Dec 31, 2002risk 0.00cvss —epss 0.03
Joe Testa hellbent 01 allows remote attackers to determine the full path of the web root directory via a GET request with a relative path that includes the root's parent, which generates a 403 error message if the parent is incorrect, but a normal response if the parent is…
- CVE-2002-0514Aug 12, 2002risk 0.00cvss —epss 0.02
PF in OpenBSD 3.0 with the return-rst rule sets the TTL to 128 in the RST packet, which allows remote attackers to determine if a port is being filtered because the TTL is different than the default TTL.
- CVE-2002-0515Aug 12, 2002risk 0.00cvss —epss 0.02
IPFilter 3.4.25 and earlier sets a different TTL when a port is being filtered than when it is not being filtered, which allows remote attackers to identify filtered ports by comparing TTLs.