Common Weakness Enumeration

CWE-203

Allowed

Observable Discrepancy

Abstraction: Base · Status: Incomplete

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.

836 vulnerabilities reference this CWE, most recent first.

GHSA-WJ6H-64FC-37MP

Vulnerability from github – Published: 2024-01-22 21:35 – Updated: 2025-07-30 18:17
VLAI
Summary
Minerva timing attack on P-256 in python-ecdsa
Details

python-ecdsa has been found to be subject to a Minerva timing attack on the P-256 curve. Using the ecdsa.SigningKey.sign_digest() API function and timing signatures an attacker can leak the internal nonce which may allow for private key discovery. Both ECDSA signatures, key generation, and ECDH operations are affected. ECDSA signature verification is unaffected. The python-ecdsa project considers side channel attacks out of scope for the project and there is no planned fix.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "ecdsa"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-23342"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203",
      "CWE-208",
      "CWE-385"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-22T21:35:27Z",
    "nvd_published_at": "2024-01-23T00:15:26Z",
    "severity": "HIGH"
  },
  "details": "python-ecdsa has been found to be subject to a Minerva timing attack on the P-256 curve. Using the `ecdsa.SigningKey.sign_digest()` API function and timing signatures an attacker can leak the internal nonce which may allow for private key discovery. Both ECDSA signatures, key generation, and ECDH operations are affected. ECDSA signature verification is unaffected. The python-ecdsa project considers side channel attacks out of scope for the project and there is no planned fix.",
  "id": "GHSA-wj6h-64fc-37mp",
  "modified": "2025-07-30T18:17:40Z",
  "published": "2024-01-22T21:35:27Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/tlsfuzzer/python-ecdsa/security/advisories/GHSA-wj6h-64fc-37mp"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23342"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/tlsfuzzer/python-ecdsa"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tlsfuzzer/python-ecdsa/blob/master/SECURITY.md"
    },
    {
      "type": "WEB",
      "url": "https://minerva.crocs.fi.muni.cz"
    },
    {
      "type": "WEB",
      "url": "https://securitypitfalls.wordpress.com/2018/08/03/constant-time-compare-in-python"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Minerva timing attack on P-256 in python-ecdsa"
}

GHSA-WJ7X-544H-J3J3

Vulnerability from github – Published: 2022-03-11 00:02 – Updated: 2022-03-17 00:02
VLAI
Details

An information leak in Nabu Casa Home Assistant Operating System and Home Assistant Supervised 2022.03 allows a DNS operator to gain knowledge about internal network resources via the hardcoded DNS resolver configuration.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-36517"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-10T17:41:00Z",
    "severity": "HIGH"
  },
  "details": "An information leak in Nabu Casa Home Assistant Operating System and Home Assistant Supervised 2022.03 allows a DNS operator to gain knowledge about internal network resources via the hardcoded DNS resolver configuration.",
  "id": "GHSA-wj7x-544h-j3j3",
  "modified": "2022-03-17T00:02:05Z",
  "published": "2022-03-11T00:02:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36517"
    },
    {
      "type": "WEB",
      "url": "https://github.com/home-assistant/plugin-dns/issues/17"
    },
    {
      "type": "WEB",
      "url": "https://github.com/home-assistant/plugin-dns/issues/20"
    },
    {
      "type": "WEB",
      "url": "https://github.com/home-assistant/plugin-dns/issues/22"
    },
    {
      "type": "WEB",
      "url": "https://github.com/home-assistant/plugin-dns/issues/50"
    },
    {
      "type": "WEB",
      "url": "https://github.com/home-assistant/plugin-dns/issues/51"
    },
    {
      "type": "WEB",
      "url": "https://github.com/home-assistant/plugin-dns/issues/53"
    },
    {
      "type": "WEB",
      "url": "https://github.com/home-assistant/plugin-dns/issues/54"
    },
    {
      "type": "WEB",
      "url": "https://github.com/home-assistant/plugin-dns/issues/6"
    },
    {
      "type": "WEB",
      "url": "https://github.com/home-assistant/plugin-dns/issues/64"
    },
    {
      "type": "WEB",
      "url": "https://github.com/home-assistant/plugin-dns/issues/70"
    },
    {
      "type": "WEB",
      "url": "https://github.com/home-assistant/plugin-dns/pull/55"
    },
    {
      "type": "WEB",
      "url": "https://github.com/home-assistant/plugin-dns/pull/56"
    },
    {
      "type": "WEB",
      "url": "https://github.com/home-assistant/plugin-dns/pull/58"
    },
    {
      "type": "WEB",
      "url": "https://github.com/home-assistant/plugin-dns/pull/59"
    },
    {
      "type": "WEB",
      "url": "https://community.home-assistant.io/t/ha-os-dns-setting-configuration-not-respected/356572"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WM4V-X65G-M25R

Vulnerability from github – Published: 2022-05-13 01:20 – Updated: 2022-05-13 01:20
VLAI
Details

Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-3640"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-05-22T12:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.",
  "id": "GHSA-wm4v-x65g-m25r",
  "modified": "2022-05-13T01:20:14Z",
  "published": "2022-05-13T01:20:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3640"
    },
    {
      "type": "WEB",
      "url": "https://www.us-cert.gov/ncas/alerts/TA18-141A"
    },
    {
      "type": "WEB",
      "url": "https://www.synology.com/support/security/Synology_SA_18_23"
    },
    {
      "type": "WEB",
      "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/180049"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4273"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3756-1"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
    },
    {
      "type": "WEB",
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20180521-0001"
    },
    {
      "type": "WEB",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0005"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html"
    },
    {
      "type": "WEB",
      "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
    },
    {
      "type": "WEB",
      "url": "http://support.lenovo.com/us/en/solutions/LEN-22133"
    },
    {
      "type": "WEB",
      "url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/104228"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1040949"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1042004"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WM74-PVWW-Q7H2

Vulnerability from github – Published: 2026-03-19 21:30 – Updated: 2026-03-23 21:30
VLAI
Details

In wolfSSL 5.8.4, constant-time masking logic in sp_256_get_entry_256_9 is optimized into conditional branches (bnez) by GCC when targeting RISC-V RV32I with -O3. This transformation breaks the side-channel resistance of ECC scalar multiplication, potentially allowing a local attacker to recover secret keys via timing analysis.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-3580"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-19T20:16:14Z",
    "severity": "LOW"
  },
  "details": "In wolfSSL 5.8.4, constant-time masking logic in sp_256_get_entry_256_9 is optimized into conditional branches (bnez) by GCC when targeting RISC-V RV32I with -O3. This transformation breaks the side-channel resistance of ECC scalar multiplication, potentially allowing a local attacker to recover secret keys via timing analysis.",
  "id": "GHSA-wm74-pvww-q7h2",
  "modified": "2026-03-23T21:30:49Z",
  "published": "2026-03-19T21:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3580"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wolfSSL/wolfssl/pull/9855"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-WMHC-QW7C-4774

Vulnerability from github – Published: 2023-12-19 00:30 – Updated: 2023-12-19 00:30
VLAI
Details

An observable response discrepancy in the Gallagher Command Centre RESTAPI allows an insufficiently-privileged user to infer the presence of items that would not otherwise be viewable.

This issue affects: Gallagher Command Centre 8.70 prior to vEL8.70.1787 (MR2), 8.60 prior to vEL8.60.2039 (MR4), all version of 8.50 and prior.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-23584"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203",
      "CWE-204"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-18T22:15:08Z",
    "severity": "MODERATE"
  },
  "details": "\nAn observable response discrepancy in the Gallagher Command Centre RESTAPI allows an insufficiently-privileged user to infer the presence of items that would not otherwise be viewable. \n\nThis issue affects: Gallagher Command Centre 8.70 prior to vEL8.70.1787 (MR2), 8.60 prior to vEL8.60.2039 (MR4), all version of 8.50 and prior.\n\n",
  "id": "GHSA-wmhc-qw7c-4774",
  "modified": "2023-12-19T00:30:17Z",
  "published": "2023-12-19T00:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23584"
    },
    {
      "type": "WEB",
      "url": "https://security.gallagher.com/Security-Advisories/CVE-2023-23584"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WQ63-C6FV-J4J6

Vulnerability from github – Published: 2024-09-26 18:31 – Updated: 2024-10-04 18:31
VLAI
Details

The goTenna Pro has a payload length vulnerability that makes it possible to tell the length of the payload regardless of the encryption used.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-47129"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203",
      "CWE-204"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-26T18:15:09Z",
    "severity": "MODERATE"
  },
  "details": "The goTenna Pro has a payload length vulnerability that makes it possible to tell the length of the payload regardless of the encryption used.",
  "id": "GHSA-wq63-c6fv-j4j6",
  "modified": "2024-10-04T18:31:09Z",
  "published": "2024-09-26T18:31:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47129"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-04"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-WQPF-C66X-5M73

Vulnerability from github – Published: 2022-08-13 00:00 – Updated: 2022-08-19 00:00
VLAI
Details

In ActivityManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-187956596

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-20320"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-12T15:15:00Z",
    "severity": "LOW"
  },
  "details": "In ActivityManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-187956596",
  "id": "GHSA-wqpf-c66x-5m73",
  "modified": "2022-08-19T00:00:38Z",
  "published": "2022-08-13T00:00:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20320"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/android-13"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WR86-4777-GMQ8

Vulnerability from github – Published: 2022-05-24 17:30 – Updated: 2022-05-24 17:30
VLAI
Details

SonicOS SSLVPN login page allows a remote unauthenticated attacker to perform firewall management administrator username enumeration based on the server responses. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-5143"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-10-12T11:15:00Z",
    "severity": "MODERATE"
  },
  "details": "SonicOS SSLVPN login page allows a remote unauthenticated attacker to perform firewall management administrator username enumeration based on the server responses. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.",
  "id": "GHSA-wr86-4777-gmq8",
  "modified": "2022-05-24T17:30:32Z",
  "published": "2022-05-24T17:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5143"
    },
    {
      "type": "WEB",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0018"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-WRJW-6W8M-XCWH

Vulnerability from github – Published: 2022-05-24 17:28 – Updated: 2022-05-24 17:28
VLAI
Details

A timing side channel was discovered in AT91bootstrap before 3.9.2. It can be exploited by attackers with physical access to forge CMAC values and subsequently boot arbitrary code on an affected system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-11683"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-09-14T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A timing side channel was discovered in AT91bootstrap before 3.9.2. It can be exploited by attackers with physical access to forge CMAC values and subsequently boot arbitrary code on an affected system.",
  "id": "GHSA-wrjw-6w8m-xcwh",
  "modified": "2022-05-24T17:28:13Z",
  "published": "2022-05-24T17:28:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11683"
    },
    {
      "type": "WEB",
      "url": "https://github.com/linux4sam/at91bootstrap/commit/7753914c9a622c245f3a3cf2af5e24b6a9904213"
    },
    {
      "type": "WEB",
      "url": "https://labs.f-secure.com/advisories/microchip-at91bootstrap"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-WRWF-PMMJ-W989

Vulnerability from github – Published: 2022-05-13 01:14 – Updated: 2022-07-01 20:14
VLAI
Summary
Observable Discrepancy in BouncyCastle
Details

BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as "ROBOT."

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.bouncycastle:bcprov-jdk15on"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2017-13098"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-01T20:14:25Z",
    "nvd_published_at": "2017-12-13T01:29:00Z",
    "severity": "MODERATE"
  },
  "details": "BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as \"ROBOT.\"",
  "id": "GHSA-wrwf-pmmj-w989",
  "modified": "2022-07-01T20:14:25Z",
  "published": "2022-05-13T01:14:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-13098"
    },
    {
      "type": "WEB",
      "url": "https://github.com/bcgit/bc-java/commit/a00b684465b38d722ca9a3543b8af8568e6bad5c"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/bcgit/bc-java"
    },
    {
      "type": "WEB",
      "url": "https://robotattack.org"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20171222-0001"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2017/dsa-4072"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/144389"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Observable Discrepancy in BouncyCastle"
}

Mitigation MIT-46
Architecture and Design

Strategy: Separation of Privilege

  • Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
  • Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
Mitigation MIT-39
Implementation
  • Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.
  • If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.
  • Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not.
CAPEC-189: Black Box Reverse Engineering

An adversary discovers the structure, function, and composition of a type of computer software through black box analysis techniques. 'Black Box' methods involve interacting with the software indirectly, in the absence of direct access to the executable object. Such analysis typically involves interacting with the software at the boundaries of where the software interfaces with a larger execution environment, such as input-output vectors, libraries, or APIs. Black Box Reverse Engineering also refers to gathering physical side effects of a hardware device, such as electromagnetic radiation or sounds.