CWE-203— Observable Discrepancy (Information Exposure via Side Channel)
724 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-203page 1 of 15
- CVE-2000-1117NONECVSS 0.0EG 0.02001-01-09
The Extended Control List (ECL) feature of the Java Virtual Machine (JVM) in Lotus Notes Client R5 allows malicious web site operators to determine the existence of files on the client by measuring delays in the execution of the getSystemR…
- CVE-2001-1387NONECVSS 0.0EG 0.02001-11-05
iptables-save in iptables before 1.2.4 records the "--reject-with icmp-host-prohibited" rule as "--reject-with tcp-reset," which causes iptables to generate different responses than specified by the administrator, possibly leading to an in…
- CVE-2001-1483NONECVSS 0.0EG 0.02001-12-31
One-Time Passwords In Everything (a.k.a OPIE) 2.32 and 2.4 allows remote attackers to determine the existence of user accounts by printing random passphrases if the user account does not exist and static passphrases if the user account doe…
- CVE-2001-1528NONECVSS 0.0EG 0.02001-12-31
AmTote International homebet program returns different error messages when invalid account numbers and PIN codes are provided, which allows remote attackers to determine the existence of valid account numbers via a brute force attack.
- CVE-2002-0208NONECVSS 0.0EG 0.02002-05-16
PGP Security PGPfire 7.1 for Windows alters the system's TCP/IP stack and modifies packets in ICMP error messages in a way that allows remote attackers to determine that the system is running PGPfire.
- CVE-2002-0514NONECVSS 0.0EG 0.02002-08-12
PF in OpenBSD 3.0 with the return-rst rule sets the TTL to 128 in the RST packet, which allows remote attackers to determine if a port is being filtered because the TTL is different than the default TTL.
- CVE-2002-0515NONECVSS 0.0EG 0.02002-08-12
IPFilter 3.4.25 and earlier sets a different TTL when a port is being filtered than when it is not being filtered, which allows remote attackers to identify filtered ports by comparing TTLs.
- CVE-2002-2094NONECVSS 0.0EG 0.02002-12-31
Joe Testa hellbent 01 allows remote attackers to determine the full path of the web root directory via a GET request with a relative path that includes the root's parent, which generates a 403 error message if the parent is incorrect, but …
- CVE-2003-0190NONECVSS 0.0EG 0.02003-05-12
OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.
- CVE-2003-0637NONECVSS 0.0EG 0.02003-08-27
Novell iChain 2.2 before Support Pack 1 uses a shorter timeout for a non-existent user than a valid user, which makes it easier for remote attackers to guess usernames and conduct brute force password guessing.
- CVE-2004-0243NONECVSS 0.0EG 0.02004-11-23
AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, displays a different message if the password is correct, which allows remote attackers to guess the password via brute force methods.
- CVE-2004-0294NONECVSS 0.0EG 0.02004-11-23
YaBB 1 SP 1.3.1 displays different error messages when a user exists or not, which makes it easier for remote attackers to identify valid users and conduct a brute force password guessing attack.
- CVE-2004-0778NONECVSS 0.0EG 0.02004-10-20
CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote attackers to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages to be return…
- CVE-2004-1428NONECVSS 0.0EG 0.02004-12-31
ArGoSoft FTP before 1.4.2.1 generates an error message if the user name does not exist instead of prompting for a password, which allows remote attackers to determine valid usernames.
- CVE-2004-1602NONECVSS 0.0EG 0.02004-10-15
ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response.
- CVE-2004-2150NONECVSS 0.0EG 0.02004-12-31
Nettica Corporation INTELLIPEER Email Server 1.01 displays different error messages for valid and invalid account names, which allows remote attackers to determine valid account names.
- CVE-2004-2252NONECVSS 0.0EG 0.02004-12-31
The firewall in Astaro Security Linux before 4.024 sends responses to SYN-FIN packets, which makes it easier for remote attackers to obtain information about the system and construct specialized attacks.
- CVE-2005-0918NONECVSS 0.0EG 0.02005-05-05
The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and earlier, when running on Internet Explorer, allows remote attackers to determine the existence of arbitrary files by setting the src property to the target filename and using Jav…
- CVE-2005-1650NONECVSS 0.0EG 0.02005-05-18
The web mail service in Woppoware PostMaster 4.2.2 (build 3.2.5) generates different error messages depending on whether a user exists or not, which allows remote attackers to determine valid usernames.
- CVE-2010-10006LOWCVSS 2.6EG 2.62023-01-18
A vulnerability, which was classified as problematic, was found in michaelliao jopenid. Affected is the function getAuthentication of the file JOpenId/src/org/expressme/openid/OpenIdManager.java. The manipulation leads to observable timing…
- CVE-2013-10006LOWCVSS 2.6EG 7.52023-01-01
A vulnerability classified as problematic was found in Ziftr primecoin up to 0.8.4rc1. Affected by this vulnerability is the function HTTPAuthorized of the file src/bitcoinrpc.cpp. The manipulation of the argument strUserPass/strRPCUserCol…
- CVE-2013-1422MEDIUMCVSS 5.3EG 5.32020-02-04
webcalendar before 1.2.7 shows the reason for a failed login (e.g., "no such user").
- CVE-2013-1620NONECVSS 0.0EG 0.02013-02-08
The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to…
- CVE-2014-4156MEDIUMCVSS 5.3EG 5.32020-01-27
Proxmox VE prior to 3.2: 'AccessControl.pm' User Enumeration Vulnerability
- CVE-2014-9720MEDIUMCVSS 6.5EG 6.52020-01-24
Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted re…
- CVE-2015-0837MEDIUMCVSS 5.9EG 5.92019-11-29
The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last…
- CVE-2015-8313MEDIUMCVSS 5.9EG 5.92019-12-20
GnuTLS incorrectly validates the first byte of padding in CBC modes
- CVE-2016-15015LOWCVSS 2.6EG 2.62023-01-08
A vulnerability, which was classified as problematic, was found in viafintech Barzahlen Payment Module PHP SDK up to 2.0.0. Affected is the function verify of the file src/Webhook.php. The manipulation leads to observable timing discrepanc…
- CVE-2016-20012MEDIUMCVSS 5.3EG 5.32021-09-15
OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when…
- CVE-2017-15533MEDIUMCVSS 5.9EG 5.92018-05-17
Symantec SSL Visibility (SSLV) 3.8.4FC, 3.10 prior to 3.10.4.1, 3.11, and 3.12 prior to 3.12.2.1 are vulnerable to the Return of the Bleichenbacher Oracle Threat (ROBOT) attack. All affected SSLV versions act as weak oracles according the …
- CVE-2017-18268MEDIUMCVSS 5.9EG 5.92018-05-17
Symantec IntelligenceCenter 3.3 is vulnerable to the Return of the Bleichenbacher Oracle Threat (ROBOT) attack. A remote attacker, who has captured a pre-recorded SSL session inspected by SSLV, can establish large numbers of crafted SSL co…
- CVE-2017-5715MEDIUMCVSS 5.6EG 9.02018-01-04
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
- CVE-2017-5753MEDIUMCVSS 5.6EG 9.02018-01-04
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
- CVE-2018-0134MEDIUMCVSS 5.3EG 5.32018-02-08
A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to determine whether a subscriber username is valid. The vulnerability occurs because the Cisco Policy Suite RADIUS s…
- CVE-2018-0495MEDIUMCVSS 4.7EG 4.72018-06-13
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ec…
- CVE-2018-1000119MEDIUMCVSS 5.9EG 5.92018-03-07
Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in signatures can be exposed. This attack appear to be exploitable via network connectivity …
- CVE-2018-1000884CRITICALCVSS 9.8EG 9.82018-12-20
Vesta CP version Prior to commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 -- any release prior to 0.9.8-18 contains a CWE-208 / Information Exposure Through Timing Discrepancy vulnerability in Password reset code -- web/reset/index.php, li…
- CVE-2018-10919MEDIUMCVSS 4.3EG 6.52018-08-22
The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential attribute values using LDAP search expr…
- CVE-2018-10949MEDIUMCVSS 5.3EG 5.32018-05-10
mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 allows Account Enumeration by leveraging a Discrepancy between the "HTTP 404 - account is not active" and "HTTP 401 - must authenticate" errors.
- CVE-2018-14597MEDIUMCVSS 5.3EG 5.32018-10-17
CA Technologies Identity Governance 12.6, 14.0, 14.1, and 14.2 and CA Identity Suite Virtual Appliance 14.0, 14.1, and 14.2 provide telling error messages that may allow remote attackers to enumerate account names.
- CVE-2018-16868MEDIUMCVSS 5.6EG 5.62018-12-03
A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, coul…
- CVE-2018-16869MEDIUMCVSS 5.7EG 5.72018-12-03
A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim proces…
- CVE-2018-3615HIGHCVSS 7.3EG 6.42018-08-14
Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user acce…
- CVE-2018-3620MEDIUMCVSS 5.6EG 5.62018-08-14
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side…
- CVE-2018-3639MEDIUMCVSS 5.5EG 5.52018-05-22
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local use…
- CVE-2018-3640MEDIUMCVSS 5.6EG 5.62018-05-22
Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, a…
- CVE-2018-5407MEDIUMCVSS 4.7EG 4.72018-11-15
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
- CVE-2018-9192MEDIUMCVSS 5.9EG 5.92018-09-05
A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable b…
- CVE-2018-9194MEDIUMCVSS 5.9EG 5.92018-09-05
A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable b…
- CVE-2018-9364HIGHCVSS 7.5EG 7.52024-11-19
In the LG LAF component, there is a special command that allowed modification of certain partitions. This could lead to bypass of secure boot. User interaction is not needed for exploitation.
Map vulnerabilities like CWE-203 to your infrastructure
EchelonGraph correlates every CVE — across CWE-203 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →