CWE-204
Observable Response Discrepancy
Description
The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-331 · CAPEC-332 · CAPEC-541 · CAPEC-580
CVEs mapped to this weakness (79)
page 1 of 4

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-25350 | | Critical | 0.64 | 9.8 | 0.00 | | May 23, 2026 | userSpice 4.3.24 contains a username enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by sending POST requests to the existingUsernameCheck.php endpoint. Attackers can submit usernames and analyze response text for the 'taken' string to… |
| CVE-2025-5485 | — | High | 0.56 | 8.6 | 0.00 | | Jun 12, 2025 | User names used to access the web management interface are limited to the device identifier, which is a numerical identifier no more than 10 digits. A malicious actor can enumerate potential targets by incrementing or decrementing from known identifiers or through … |
| CVE-2025-12455 | | High | 0.49 | 7.5 | 0.00 | | Mar 13, 2026 | Observable response discrepancy vulnerability in OpenText™ Vertica allows Password Brute Forcing. The vulnerability could lead to Password Brute Forcing in the Vertica management console application. This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X,… |
| CVE-2025-46390 | — | High | 0.49 | 7.5 | 0.00 | | Aug 6, 2025 | CWE-204: Observable Response Discrepancy |
| CVE-2025-3092 | — | High | 0.49 | 7.5 | 0.00 | | Jun 24, 2025 | An unauthenticated remote attacker can enumerate valid user names from an unprotected endpoint. |
| CVE-2026-4113 | | High | 0.47 | 7.2 | 0.00 | | Apr 9, 2026 | An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credentials. |
| CVE-2021-47717 | | Medium | 0.45 | — | 0.00 | | Dec 9, 2025 | IntelliChoice eFORCE Software Suite 2.5.9 contains a username enumeration vulnerability that allows attackers to enumerate valid users by exploiting the 'ctl00$MainContent$UserName' POST parameter. Attackers can send requests with valid usernames to retrieve user information. |
| CVE-2025-34155 | | Medium | 0.45 | — | 0.01 | | Oct 23, 2025 | Tibbo AggreGate Network Manager < 6.40.05 contains an observable response discrepancy in its login functionality. Authentication failure messages differ based on whether a supplied username exists or not, allowing an unauthenticated remote attacker to infer valid account… |
| CVE-2025-2910 | | Medium | 0.45 | — | 0.00 | | Mar 28, 2025 | User enumeration in the password reset module of the MeetMe authentication service in versions prior to 2024-09 allows an attacker to determine whether an email address is registered through specific error messages. |
| CVE-2026-34264 | | Medium | 0.42 | 6.5 | 0.00 | | Apr 14, 2026 | During authorization checks in SAP Human Capital Management for SAP S/4HANA, the system returns specific messages. Due to this, an authenticated user with low privileges could guess and enumerate the content shown, beyond their authorized scope. This leads to disclosure of… |
| CVE-2026-33419 | | High | 0.42 | 7.5 | 0.00 | | Mar 24, 2026 | MinIO is a high-performance object storage system. Prior to RELEASE.2026-03-17T21-25-16Z, MinIO AIStor's STS (Security Token Service) AssumeRoleWithLDAPIdentity endpoint is vulnerable to LDAP credential brute-forcing due to two combined weaknesses: (1) distinguishable error… |
| CVE-2026-43926 | | Medium | 0.41 | — | 0.00 | | Jun 4, 2026 | FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the password reset confirmation endpoint `/client/reset-password-confirm/:hash` is handled by a non-API controller and is not covered by FOSSBilling's rate limiter, which only… |
| CVE-2025-23214 | | Medium | 0.38 | — | 0.01 | | Jan 20, 2025 | Cosmos provides users the ability to self-host a home server by acting as a secure gateway to your application, as well as a server manager. By monitoring the error code returned in the login, it is possible to figure out whether a user exists or not in the database. Patched in… |
| CVE-2024-39211 | | Medium | 0.35 | 5.3 | 0.01 | | Jul 4, 2024 | Kaiten 57.128.8 allows remote attackers to enumerate user accounts via a crafted POST request, because a login response contains a user_email field only if the user account exists. |
| CVE-2016-9499 | | Medium | 0.35 | 5.3 | 0.08 | | Jul 13, 2018 | Accellion FTP server prior to version FTA_9_12_220 only returns the username in the server response if the username is invalid. An attacker may use this information to determine valid user accounts and enumerate them. |
| CVE-2026-45620 | | Medium | 0.34 | 5.3 | 0.00 | | May 29, 2026 | WWBN AVideo is an open source video platform. In 29.0 and earlier, objects/mention.json.php has no User::loginCheck() or admin gate. It only has an entry guard: preg_match('/^@/', $_REQUEST['term']) and hard-coded rowCount=10. This enables unauthenticated user enumeration. |
| CVE-2024-0391 | — | Medium | 0.34 | 5.3 | 0.00 | | May 11, 2026 | The check user account lock states feature within the email OTP flow fails to validate user input, allowing an attacker to infer the existence of registered user accounts. The discovery of valid usernames can increase the risk of brute-force and social engineering attacks.… |
| CVE-2026-20195 | | Medium | 0.34 | 5.3 | 0.00 | | May 6, 2026 | A vulnerability in an identity management API endpoint of Cisco ISE could allow an unauthenticated, remote attacker to enumerate valid user accounts on an affected device. This vulnerability exists because error messages are observed when the affected API endpoint is called.… |
| CVE-2025-62181 | | Medium | 0.34 | 5.3 | 0.00 | | Dec 10, 2025 | Pega Platform versions 7.1.0 through Infinity 25.1.0 are affected by a user enumeration issue. This issue occurs during the user authentication process, where a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not. This only… |
| CVE-2025-25236 | | Medium | 0.34 | 5.3 | 0.00 | | Nov 12, 2025 | Omnissa Workspace ONE UEM contains an observable response discrepancy vulnerability. A malicious actor may be able to enumerate sensitive information such as tenant ID and user accounts that could facilitate brute-force, password-spraying or credential-stuffing attacks. |