CWE-203
Observable Discrepancy
Description
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-189
CVEs mapped to this weakness (224)
page 3 of 12| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-3620 | — | Med | 0.37 | 5.6 | 0.06 | Aug 14, 2018 | Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis. | |
| CVE-2018-3640 | — | Med | 0.37 | 5.6 | 0.08 | May 22, 2018 | Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE),… | |
| CVE-2024-54476 | Med | 0.36 | 5.5 | 0.00 | Dec 12, 2024 | The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. An app may be able to access user-sensitive data. | ||
| CVE-2016-2178 | Med | 0.36 | 5.5 | 0.01 | Jun 20, 2016 | The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack. | ||
| CVE-2024-11297 | Med | 0.35 | 5.3 | 0.01 | Dec 20, 2024 | The Page Restriction WordPress (WP) – Protect WP Pages/Post plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.6 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract… | ||
| CVE-2024-48644 | Med | 0.35 | 5.3 | 0.01 | Oct 22, 2024 | Accounts enumeration vulnerability in the Login Component of Reolink Duo 2 WiFi Camera (Firmware Version v3.0.0.1889_23031701) allows remote attackers to determine valid user accounts via login attempts. This can lead to the enumeration of user accounts and potentially… | ||
| CVE-2018-10949 | Med | 0.35 | 5.3 | 0.02 | May 10, 2018 | mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 allows Account Enumeration by leveraging a Discrepancy between the "HTTP 404 - account is not active" and "HTTP 401 - must authenticate" errors. | ||
| CVE-2018-0134 | Med | 0.35 | 5.3 | 0.01 | Feb 8, 2018 | A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to determine whether a subscriber username is valid. The vulnerability occurs because the Cisco Policy Suite RADIUS server component returns different… | ||
| CVE-2017-5107 | Med | 0.35 | 5.3 | 0.02 | Oct 27, 2017 | A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to extract pixel values from a cross-origin page being iframe'd via a crafted HTML page. | ||
| CVE-2017-7006 | Med | 0.35 | 5.3 | 0.01 | Jul 20, 2017 | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct a timing side-channel attack to bypass the Same… | ||
| CVE-2017-8055 | Med | 0.35 | 5.3 | 0.02 | Apr 22, 2017 | WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. A login request that contains a blank password sent to the XML-RPC agent in Fireware v11.12.1 and earlier returns different responses for valid and invalid usernames. An attacker could… | ||
| CVE-2016-9129 | Med | 0.35 | 5.3 | 0.01 | Mar 28, 2017 | Revive Adserver before 3.2.3 suffers from Information Exposure Through Discrepancy. It is possible to check whether or not an email address was associated to one or more user accounts on a target Revive Adserver instance by examining the message printed by the password recovery… | ||
| CVE-2025-54477 | — | Med | 0.34 | 5.3 | 0.00 | Sep 30, 2025 | Improper handling of authentication requests lead to a user enumeration vector in the passkey authentication method. | |
| CVE-2025-24391 | Med | 0.34 | 5.3 | 0.00 | Jul 14, 2025 | A vulnerability in the External Interface of OTRS allows conclusions to be drawn about the existence of user accounts through different HTTP response codes and messages. This enables an attacker to systematically identify valid email addresses. This issue affects: * OTRS… | ||
| CVE-2024-47057 | Med | 0.34 | 5.3 | 0.00 | May 28, 2025 | SummaryThis advisory addresses a security vulnerability in Mautic related to the "Forget your password" functionality. This vulnerability could be exploited by unauthenticated users to enumerate valid usernames. User Enumeration via Timing Attack: A user enumeration… | ||
| CVE-2021-47664 | — | Med | 0.34 | 5.3 | 0.00 | Apr 24, 2025 | Due to improper authentication mechanism an unauthenticated remote attacker can enumerate valid usernames. | |
| CVE-2023-37482 | — | Med | 0.34 | 5.3 | 0.00 | Feb 11, 2025 | The login functionality of the web server in affected devices does not normalize the response times of login attempts. An unauthenticated remote attacker could exploit this side-channel information to distinguish between valid and invalid usernames. | |
| CVE-2025-24506 | — | Med | 0.34 | — | 0.00 | Jan 30, 2025 | A specific authentication strategy allows to learn ids of PAM users associated with certain authentication types. | |
| CVE-2024-54454 | Med | 0.34 | 5.3 | 0.00 | Dec 27, 2024 | An issue was discovered in Kurmi Provisioning Suite before 7.9.0.35, 7.10.x through 7.10.0.18, and 7.11.x through 7.11.0.15. An Observable Response Discrepancy vulnerability in the sendPasswordReinitLink action of the unlogged.do page allows remote attackers to test whether a… | ||
| CVE-2024-23984 | Med | 0.34 | 5.3 | 0.00 | Sep 16, 2024 | Observable discrepancy in RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. |
- risk 0.37cvss 5.6epss 0.06
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.
- risk 0.37cvss 5.6epss 0.08
Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE),…
- risk 0.36cvss 5.5epss 0.00
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. An app may be able to access user-sensitive data.
- risk 0.36cvss 5.5epss 0.01
The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.
- risk 0.35cvss 5.3epss 0.01
The Page Restriction WordPress (WP) – Protect WP Pages/Post plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.6 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract…
- risk 0.35cvss 5.3epss 0.01
Accounts enumeration vulnerability in the Login Component of Reolink Duo 2 WiFi Camera (Firmware Version v3.0.0.1889_23031701) allows remote attackers to determine valid user accounts via login attempts. This can lead to the enumeration of user accounts and potentially…
- risk 0.35cvss 5.3epss 0.02
mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 allows Account Enumeration by leveraging a Discrepancy between the "HTTP 404 - account is not active" and "HTTP 401 - must authenticate" errors.
- risk 0.35cvss 5.3epss 0.01
A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to determine whether a subscriber username is valid. The vulnerability occurs because the Cisco Policy Suite RADIUS server component returns different…
- risk 0.35cvss 5.3epss 0.02
A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to extract pixel values from a cross-origin page being iframe'd via a crafted HTML page.
- risk 0.35cvss 5.3epss 0.01
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct a timing side-channel attack to bypass the Same…
- risk 0.35cvss 5.3epss 0.02
WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. A login request that contains a blank password sent to the XML-RPC agent in Fireware v11.12.1 and earlier returns different responses for valid and invalid usernames. An attacker could…
- risk 0.35cvss 5.3epss 0.01
Revive Adserver before 3.2.3 suffers from Information Exposure Through Discrepancy. It is possible to check whether or not an email address was associated to one or more user accounts on a target Revive Adserver instance by examining the message printed by the password recovery…
- risk 0.34cvss 5.3epss 0.00
Improper handling of authentication requests lead to a user enumeration vector in the passkey authentication method.
- risk 0.34cvss 5.3epss 0.00
A vulnerability in the External Interface of OTRS allows conclusions to be drawn about the existence of user accounts through different HTTP response codes and messages. This enables an attacker to systematically identify valid email addresses. This issue affects: * OTRS…
- risk 0.34cvss 5.3epss 0.00
SummaryThis advisory addresses a security vulnerability in Mautic related to the "Forget your password" functionality. This vulnerability could be exploited by unauthenticated users to enumerate valid usernames. User Enumeration via Timing Attack: A user enumeration…
- risk 0.34cvss 5.3epss 0.00
Due to improper authentication mechanism an unauthenticated remote attacker can enumerate valid usernames.
- risk 0.34cvss 5.3epss 0.00
The login functionality of the web server in affected devices does not normalize the response times of login attempts. An unauthenticated remote attacker could exploit this side-channel information to distinguish between valid and invalid usernames.
- risk 0.34cvss —epss 0.00
A specific authentication strategy allows to learn ids of PAM users associated with certain authentication types.
- risk 0.34cvss 5.3epss 0.00
An issue was discovered in Kurmi Provisioning Suite before 7.9.0.35, 7.10.x through 7.10.0.18, and 7.11.x through 7.11.0.15. An Observable Response Discrepancy vulnerability in the sendPasswordReinitLink action of the unlogged.do page allows remote attackers to test whether a…
- risk 0.34cvss 5.3epss 0.00
Observable discrepancy in RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.