Common Weakness Enumeration

CWE-203

Allowed

Observable Discrepancy

Abstraction: Base · Status: Incomplete

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.

836 vulnerabilities reference this CWE, most recent first.

GHSA-8V55-RM6P-87P5

Vulnerability from github – Published: 2022-02-15 00:03 – Updated: 2026-07-14 12:31
VLAI
Details

The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-23303"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-17T02:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494.",
  "id": "GHSA-8v55-rm6p-87p5",
  "modified": "2026-07-14T12:31:06Z",
  "published": "2022-02-15T00:03:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23303"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-585531.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00019.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPDHU5MV464CZBPX7N2SNMUYP6DFIBZL"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YPDHU5MV464CZBPX7N2SNMUYP6DFIBZL"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202309-16"
    },
    {
      "type": "WEB",
      "url": "https://w1.fi/security/2022-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8V5G-66MQ-9CW8

Vulnerability from github – Published: 2022-05-24 16:53 – Updated: 2022-05-24 16:53
VLAI
Details

Search Guard versions before 21.0 had an timing side channel issue when using the internal user database.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-13420"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-08-13T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Search Guard versions before 21.0 had an timing side channel issue when using the internal user database.",
  "id": "GHSA-8v5g-66mq-9cw8",
  "modified": "2022-05-24T16:53:11Z",
  "published": "2022-05-24T16:53:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13420"
    },
    {
      "type": "WEB",
      "url": "https://docs.search-guard.com/6.x-21/changelog-searchguard-6-x-21_0"
    },
    {
      "type": "WEB",
      "url": "https://search-guard.com/cve-advisory"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-8VMQ-8657-WM23

Vulnerability from github – Published: 2022-03-31 00:00 – Updated: 2022-04-06 00:01
VLAI
Details

In Framework, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-184354287

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-39756"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-30T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In Framework, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-184354287",
  "id": "GHSA-8vmq-8657-wm23",
  "modified": "2022-04-06T00:01:53Z",
  "published": "2022-03-31T00:00:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39756"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/android-12l"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8VPW-MGPF-MPVV

Vulnerability from github – Published: 2022-05-17 19:57 – Updated: 2024-11-13 22:52
VLAI
Summary
Tornado XSRF cookie allows side-channel attack against TLS (BREACH attack)
Details

Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tornado"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.2.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2014-9720"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-01T20:53:42Z",
    "nvd_published_at": "2020-01-24T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests.",
  "id": "GHSA-8vpw-mgpf-mpvv",
  "modified": "2024-11-13T22:52:57Z",
  "published": "2022-05-17T19:57:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9720"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tornadoweb/tornado/commit/1c36307463b1e8affae100bf9386948e6c1b2308"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.novell.com/show_bug.cgi?id=930362"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222816"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tornado/PYSEC-2020-213.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/tornadoweb/tornado"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2015/05/19/4"
    },
    {
      "type": "WEB",
      "url": "http://www.tornadoweb.org/en/stable/releases/v3.2.2.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Tornado XSRF cookie allows side-channel attack against TLS (BREACH attack)"
}

GHSA-8VXV-2G8P-2249

Vulnerability from github – Published: 2022-05-24 21:33 – Updated: 2022-05-24 21:33
VLAI
Summary
Observable Timing Discrepancy in totp-rs
Details

Impact

Token comparison was not constant time, and could theorically be used to guess value of an TOTP token, and thus reuse it in the same time window. The attacker would have to know the password beforehand nonetheless.

Patches

Library now used constant-time comparison.

Workarounds

No.

For more information

If you have any questions or comments about this advisory: * Open an issue in totp-rs * Email us at cleo.rebert@gmail.com

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "totp-rs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.1.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-29185"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203",
      "CWE-208"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-05-24T21:33:15Z",
    "nvd_published_at": "2022-05-20T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nToken comparison was not constant time, and could theorically be used to guess value of an TOTP token, and thus reuse it in the same time window. The attacker would have to know the password beforehand nonetheless.\n\n### Patches\nLibrary now used constant-time comparison.\n\n### Workarounds\nNo.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [totp-rs](https://github.com/constantoine/totp-rs)\n* Email us at [cleo.rebert@gmail.com](mailto:cleo.rebert@gmail.com)\n",
  "id": "GHSA-8vxv-2g8p-2249",
  "modified": "2022-05-24T21:33:15Z",
  "published": "2022-05-24T21:33:15Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/constantoine/totp-rs/security/advisories/GHSA-8vxv-2g8p-2249"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29185"
    },
    {
      "type": "WEB",
      "url": "https://github.com/constantoine/totp-rs/issues/13"
    },
    {
      "type": "WEB",
      "url": "https://github.com/constantoine/totp-rs/commit/1f1e1a6fe722deb1656f483b1367ea4be978db5b"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/constantoine/totp-rs"
    },
    {
      "type": "WEB",
      "url": "https://github.com/constantoine/totp-rs/compare/v1.0...v1.1.0"
    },
    {
      "type": "WEB",
      "url": "https://github.com/constantoine/totp-rs/releases/tag/v1.1.0"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2022-0018.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Observable Timing Discrepancy in totp-rs"
}

GHSA-8X26-V7RH-6QCH

Vulnerability from github – Published: 2023-10-30 18:30 – Updated: 2023-11-04 03:30
VLAI
Details

In Media Projection, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-21350"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-30T17:15:51Z",
    "severity": "MODERATE"
  },
  "details": "In Media Projection, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.",
  "id": "GHSA-8x26-v7rh-6qch",
  "modified": "2023-11-04T03:30:19Z",
  "published": "2023-10-30T18:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21350"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/docs/security/bulletin/android-14"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8X54-9CJV-7VCH

Vulnerability from github – Published: 2024-03-21 15:31 – Updated: 2024-10-30 21:30
VLAI
Details

This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.This issue affects CDeX application versions through 5.7.1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-2464"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-21T15:16:54Z",
    "severity": "MODERATE"
  },
  "details": "This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.This issue affects CDeX application versions through 5.7.1.\n\n",
  "id": "GHSA-8x54-9cjv-7vch",
  "modified": "2024-10-30T21:30:37Z",
  "published": "2024-03-21T15:31:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2464"
    },
    {
      "type": "WEB",
      "url": "https://cdex.cloud"
    },
    {
      "type": "WEB",
      "url": "https://cert.pl/en/posts/2024/03/CVE-2024-2463"
    },
    {
      "type": "WEB",
      "url": "https://cert.pl/posts/2024/03/CVE-2024-2463"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8X66-5H8G-HVCR

Vulnerability from github – Published: 2022-04-30 18:18 – Updated: 2025-04-03 03:44
VLAI
Details

One-Time Passwords In Everything (a.k.a OPIE) 2.32 and 2.4 allows remote attackers to determine the existence of user accounts by printing random passphrases if the user account does not exist and static passphrases if the user account does exist.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2001-1483"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2001-12-31T05:00:00Z",
    "severity": "MODERATE"
  },
  "details": "One-Time Passwords In Everything (a.k.a OPIE) 2.32 and 2.4 allows remote attackers to determine the existence of user accounts by printing random passphrases if the user account does not exist and static passphrases if the user account does exist.",
  "id": "GHSA-8x66-5h8g-hvcr",
  "modified": "2025-04-03T03:44:35Z",
  "published": "2022-04-30T18:18:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2001-1483"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7572"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/20011115221226.7C93E186B0%40atlas.dgp.toronto.edu"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/20011115221226.7C93E186B0@atlas.dgp.toronto.edu"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/3549"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-8XX5-H6M3-JR33

Vulnerability from github – Published: 2025-09-04 20:01 – Updated: 2025-09-10 21:02
VLAI
Summary
Presta Shop vulnerable to email enumeration
Details

Impact

An unauthenticated attacker with access to the back-office URL can manipulate the id_employee and reset_token parameters to enumerate valid back-office employee email addresses.

Impacted parties: Store administrators and employees: their email addresses are exposed. Merchants: risk of phishing, social engineering, and brute-force attacks targeting admin accounts.

Patches

PrestaShop 8.2.3

Workarounds

You must upgrade, or at least apply the changes from the PrestaShop 8.2.3 patch. More information: https://build.prestashop-project.org/news/2025/prestashop-8-2-3-security-release/

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "prestashop/prestashop"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.2.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-51586"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203",
      "CWE-359"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-09-04T20:01:00Z",
    "nvd_published_at": "2025-09-08T17:15:33Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nAn unauthenticated attacker with access to the back-office URL can manipulate the id_employee and reset_token parameters to enumerate valid back-office employee email addresses.\n\nImpacted parties:\nStore administrators and employees: their email addresses are exposed.\nMerchants: risk of phishing, social engineering, and brute-force attacks targeting admin accounts.\n\n### Patches\nPrestaShop 8.2.3\n\n### Workarounds\nYou must upgrade, or at least apply the changes from the PrestaShop 8.2.3 patch. More information: https://build.prestashop-project.org/news/2025/prestashop-8-2-3-security-release/",
  "id": "GHSA-8xx5-h6m3-jr33",
  "modified": "2025-09-10T21:02:35Z",
  "published": "2025-09-04T20:01:00Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-8xx5-h6m3-jr33"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-51586"
    },
    {
      "type": "WEB",
      "url": "https://github.com/PrestaShop/PrestaShop/commit/c97bdf10f77fedbe5a61a1dec5f96b3abb1d76fb"
    },
    {
      "type": "WEB",
      "url": "https://build.prestashop-project.org/news/2025/prestashop-8-2-3-security-release"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/PrestaShop/PrestaShop"
    },
    {
      "type": "WEB",
      "url": "https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.3"
    },
    {
      "type": "WEB",
      "url": "https://maxime-morel.github.io/advisories/2025/CVE-2025-51586.md"
    },
    {
      "type": "WEB",
      "url": "https://prestashop.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Presta Shop vulnerable to email enumeration "
}

GHSA-92CV-8JC7-JRPM

Vulnerability from github – Published: 2022-05-24 19:04 – Updated: 2022-06-04 00:00
VLAI
Details

Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-26314"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203",
      "CWE-208",
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-09T12:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage.",
  "id": "GHSA-92cv-8jc7-jrpm",
  "modified": "2022-06-04T00:00:52Z",
  "published": "2022-05-24T19:04:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26314"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H36U6CNREC436W6GYO7QUMJIVEA35SCV"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVA2NY26MMXOODUMYZN5DCU3FXMBMBOB"
    },
    {
      "type": "WEB",
      "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2021/06/09/2"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2021/06/10/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-46
Architecture and Design

Strategy: Separation of Privilege

  • Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
  • Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
Mitigation MIT-39
Implementation
  • Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.
  • If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.
  • Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not.
CAPEC-189: Black Box Reverse Engineering

An adversary discovers the structure, function, and composition of a type of computer software through black box analysis techniques. 'Black Box' methods involve interacting with the software indirectly, in the absence of direct access to the executable object. Such analysis typically involves interacting with the software at the boundaries of where the software interfaces with a larger execution environment, such as input-output vectors, libraries, or APIs. Black Box Reverse Engineering also refers to gathering physical side effects of a hardware device, such as electromagnetic radiation or sounds.