CWE-204 Details

CWE-204

Observable Response Discrepancy
Incomplete
2006-07-19
00h00 +00:00
2025-12-11
00h00 +00:00

Name: Observable Response Discrepancy

The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.

General Information

Modes of Introduction

Architecture and Design : An observable response discrepancy frequently occurs during authentication, where a difference in failed-login messages could allow an attacker to determine if the username is valid or not. The discrepancy could be inadvertent (bug) or intentional (design).
Implementation : An observable response discrepancy frequently occurs during authentication, where a difference in failed-login messages could allow an attacker to determine if the username is valid or not. The discrepancy could be inadvertent (bug) or intentional (design).
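
The failed-login discrepancy described above, shown as a weak handler beside a hardened one, with a regression check that compares the two failure responses. This is an added example, not part of the CWE entry; the function names, the sample account and the PBKDF2 parameters are assumptions made for illustration, and the check covers status and message only, not response timing.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # constructed work factor for this demo

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def _make_record(password):
    salt = os.urandom(16)
    return salt, _hash(password, salt)

# Constructed sample account store (hypothetical user).
USERS = {"alice": _make_record("correct horse")}
# Dummy record so an unknown username still costs one hash computation.
_DUMMY = _make_record("not-a-real-password")

def login_discrepant(username, password):
    """Weak form: status and message differ by failure reason."""
    record = USERS.get(username)
    if record is None:
        return 404, "Unknown user"
    salt, stored = record
    if not hmac.compare_digest(_hash(password, salt), stored):
        return 401, "Wrong password"
    return 200, "Welcome"

def login_uniform(username, password):
    """Hardened form: one failure response, same work on every path."""
    record = USERS.get(username)
    salt, stored = record if record is not None else _DUMMY
    match = hmac.compare_digest(_hash(password, salt), stored)
    if record is not None and match:
        return 200, "Welcome"
    return 401, "Invalid username or password"

def reveals_account_state(login, known_user, absent_user, wrong_password="x"):
    """Regression check: True if the two failure responses can be told apart."""
    return login(known_user, wrong_password) != login(absent_user, wrong_password)
```

Running `reveals_account_state` against every authentication-adjacent handler (login, password reset, registration) in a test suite catches a reintroduced discrepancy before release.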

Applicable Platforms

Language

Class: Not Language-Specific (Undetermined)

Common Consequences

Scope Impact Likelihood
Confidentiality
Access Control
Read Application Data, Bypass Protection Mechanism

Observed Examples

Reference Description

CVE-2002-2094

This, and others, use ".." attacks and monitor error responses, so there is overlap with directory traversal.

CVE-2001-1483

Enumeration of valid usernames based on inconsistent responses

CVE-2001-1528

Account number enumeration via inconsistent responses.

CVE-2004-2150

User enumeration via discrepancies in error messages.

CVE-2005-1650

User enumeration via discrepancies in error messages.

CVE-2004-0294

Bulletin Board displays different error messages when a user exists or not, which makes it easier for remote attackers to identify valid users and conduct a brute force password guessing attack.

CVE-2004-0243

Operating System, when direct remote login is disabled, displays a different message if the password is correct, which allows remote attackers to guess the password via brute force methods.

CVE-2002-0514

Product allows remote attackers to determine if a port is being filtered because the response packet TTL is different than the default TTL.

CVE-2002-0515

Product sets a different TTL when a port is being filtered than when it is not being filtered, which allows remote attackers to identify filtered ports by comparing TTLs.

CVE-2001-1387

Product may generate different responses than specified by the administrator, possibly leading to an information leak.

CVE-2004-0778

Version control system allows remote attackers to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages to be returned.

CVE-2004-1428

FTP server generates an error message if the user name does not exist instead of prompting for a password, which allows remote attackers to determine valid usernames.

Potential Mitigations

Phases : Architecture and Design
Phases : Implementation

Vulnerability Mapping Notes

Rationale : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Comment : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

Related Attack Patterns

CAPEC-ID Attack Pattern Name
CAPEC-331 ICMP IP Total Length Field Probe
An adversary sends a UDP packet to a closed port on the target machine to solicit an IP Header's total length field value within the echoed 'Port Unreachable' error message. This type of behavior is useful for building a signature-base of operating system responses, particularly when error messages contain other types of information that are useful for identifying specific operating system responses.
CAPEC-332 ICMP IP 'ID' Field Error Message Probe
An adversary sends a UDP datagram having an assigned value to its internet identification field (ID) to a closed port on a target to observe the manner in which this bit is echoed back in the ICMP error message. This allows the attacker to construct a fingerprint of specific OS behaviors.
CAPEC-541 Application Fingerprinting
An adversary engages in fingerprinting activities to determine the type or version of an application installed on a remote target.
CAPEC-580 System Footprinting
An adversary engages in active probing and exploration activities to determine security information about a remote target system. Oftentimes adversaries will rely on remote applications that can be probed for system configurations.

Notes

can overlap errors related to escalated privileges

References

REF-44

24 Deadly Sins of Software Security
Michael Howard, David LeBlanc, John Viega.

Submission

Name Organization Date Release Date Version
PLOVER 2006-07-19 +00:00 2006-07-19 +00:00 Draft 3

Modifications

Name Organization Date Comment
Eric Dalci Cigital 2008-07-01 +00:00 updated Potential_Mitigations, Time_of_Introduction
CWE Content Team MITRE 2008-09-08 +00:00 updated Relationships, Relationship_Notes, Taxonomy_Mappings
CWE Content Team MITRE 2008-10-14 +00:00 updated Description, Potential_Mitigations
CWE Content Team MITRE 2009-12-28 +00:00 updated Demonstrative_Examples
CWE Content Team MITRE 2010-09-27 +00:00 updated Description, Name, Observed_Examples
CWE Content Team MITRE 2011-06-01 +00:00 updated Common_Consequences
CWE Content Team MITRE 2012-05-11 +00:00 updated Demonstrative_Examples, Observed_Examples, References, Relationships
CWE Content Team MITRE 2012-10-30 +00:00 updated Potential_Mitigations
CWE Content Team MITRE 2014-07-30 +00:00 updated Relationships
CWE Content Team MITRE 2017-11-08 +00:00 updated Applicable_Platforms
CWE Content Team MITRE 2020-02-24 +00:00 updated Description, Name, Relationships
CWE Content Team MITRE 2020-12-10 +00:00 updated Potential_Mitigations
CWE Content Team MITRE 2023-01-31 +00:00 updated Related_Attack_Patterns
CWE Content Team MITRE 2023-04-27 +00:00 updated Relationships
CWE Content Team MITRE 2023-06-29 +00:00 updated Mapping_Notes
CWE Content Team MITRE 2025-04-03 +00:00 updated Description, Diagram, Modes_of_Introduction
CWE Content Team MITRE 2025-12-11 +00:00 updated Weakness_Ordinalities