Common Weakness Enumeration

CWE-204

Allowed

Observable Response Discrepancy

Abstraction: Base · Status: Incomplete

The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.

297 vulnerabilities reference this CWE, most recent first.

GHSA-WMWF-49VV-P3MR

Vulnerability from github – Published: 2023-08-03 19:44 – Updated: 2023-08-04 13:31
VLAI
Summary
Sulu Observable Response Discrepancy on Admin Login
Details

Impact

It allows over the Admin Login form to detect which user (username, email) exists and which one do not exist.

Impacted by this issue are Sulu installation >= 2.5.0 and <2.5.10 using the newer Symfony Security System which is default since Symfony 6.0 but can be enabled in Symfony 5.4. Sulu Installation not using the old Symfony 5.4 security System and previous version are not impacted by this Security issue.

Patches

The problem has been patched in version 2.5.10.

Workarounds

Create a custom AuthenticationFailureHandler which does not return the $exception->getMessage(); instead the $exception->getMessageKey();

References

Currently no references.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "sulu/sulu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.5.0"
            },
            {
              "fixed": "2.5.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-39343"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-204"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-08-03T19:44:28Z",
    "nvd_published_at": "2023-08-04T01:15:10Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nIt allows over the Admin Login form to detect which user (username, email) exists and which one do not exist.\n\nImpacted by this issue are Sulu installation \u003e= 2.5.0 and \u003c2.5.10 using the newer Symfony Security System which is default since Symfony 6.0 but can be enabled in Symfony 5.4. Sulu Installation not using the old Symfony 5.4 security System and previous version are not impacted by this Security issue.\n\n### Patches\n\nThe problem has been patched in version 2.5.10. \n\n### Workarounds\n\nCreate a custom AuthenticationFailureHandler which does not return the `$exception-\u003egetMessage();` instead the `$exception-\u003egetMessageKey();`\n\n### References\n\nCurrently no references.\n",
  "id": "GHSA-wmwf-49vv-p3mr",
  "modified": "2023-08-04T13:31:19Z",
  "published": "2023-08-03T19:44:28Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/sulu/sulu/security/advisories/GHSA-wmwf-49vv-p3mr"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39343"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sulu/sulu/commit/5f6c98ba030b2005793e2dc647cc938937ea889b"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/sulu/sulu/CVE-2023-39343.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/sulu/sulu"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sulu/sulu/releases/tag/2.5.10"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Sulu Observable Response Discrepancy on Admin Login"
}

GHSA-WQ63-C6FV-J4J6

Vulnerability from github – Published: 2024-09-26 18:31 – Updated: 2024-10-04 18:31
VLAI
Details

The goTenna Pro has a payload length vulnerability that makes it possible to tell the length of the payload regardless of the encryption used.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-47129"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203",
      "CWE-204"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-26T18:15:09Z",
    "severity": "MODERATE"
  },
  "details": "The goTenna Pro has a payload length vulnerability that makes it possible to tell the length of the payload regardless of the encryption used.",
  "id": "GHSA-wq63-c6fv-j4j6",
  "modified": "2024-10-04T18:31:09Z",
  "published": "2024-09-26T18:31:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47129"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-04"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-X6WP-VGMQ-CC83

Vulnerability from github – Published: 2024-03-15 09:30 – Updated: 2024-03-15 09:30
VLAI
Details

A vulnerability has been found in Surya2Developer Hostel Management Service 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /check_availability.php of the component HTTP POST Request Handler. The manipulation of the argument oldpassword leads to observable response discrepancy. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256891.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-2482"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-204"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-15T07:15:10Z",
    "severity": "LOW"
  },
  "details": "A vulnerability has been found in Surya2Developer Hostel Management Service 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /check_availability.php of the component HTTP POST Request Handler. The manipulation of the argument oldpassword leads to observable response discrepancy. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256891.",
  "id": "GHSA-x6wp-vgmq-cc83",
  "modified": "2024-03-15T09:30:37Z",
  "published": "2024-03-15T09:30:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2482"
    },
    {
      "type": "WEB",
      "url": "https://github.com/blackslim3/cve_sidequest/blob/main/poc/Username_and_Password_Enumeration%20on%20Hostel%20Management%20System%20using%20PHP%20and%20MySQL%201.0.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.256891"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.256891"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X739-3P6G-JXHJ

Vulnerability from github – Published: 2025-04-30 12:31 – Updated: 2025-04-30 12:31
VLAI
Details

A vulnerability in the login functionality of the web application of ctrlX OS allows a remote unauthenticated attacker to guess valid usernames via multiple crafted HTTP requests.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-24342"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-204"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-30T12:15:17Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the login functionality of the web application of ctrlX OS allows a remote unauthenticated attacker to guess valid usernames via multiple crafted HTTP requests.",
  "id": "GHSA-x739-3p6g-jxhj",
  "modified": "2025-04-30T12:31:24Z",
  "published": "2025-04-30T12:31:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24342"
    },
    {
      "type": "WEB",
      "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X854-VVHC-P3C8

Vulnerability from github – Published: 2025-06-11 15:30 – Updated: 2025-06-11 15:30
VLAI
Details

IBM Security Verify Access Appliance and Docker 10.0 through 10.0.8 could allow a remote attacker to enumerate usernames due to an observable response discrepancy of disabled accounts.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-0163"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-204"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-11T15:15:29Z",
    "severity": "MODERATE"
  },
  "details": "IBM Security Verify Access Appliance and Docker 10.0 through 10.0.8 could allow a remote attacker to enumerate usernames due to an observable response discrepancy of disabled accounts.",
  "id": "GHSA-x854-vvhc-p3c8",
  "modified": "2025-06-11T15:30:29Z",
  "published": "2025-06-11T15:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0163"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7236314"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XW86-Q236-P57V

Vulnerability from github – Published: 2025-05-13 12:31 – Updated: 2025-05-13 12:31
VLAI
Details

A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.2). The login implementation of the affected application contains an observable response discrepancy vulnerability when validating usernames. This could allow an unauthenticated remote attacker to distinguish between valid and invalid usernames.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-51447"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-204"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-13T10:15:21Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions \u003c V2404.2). The login implementation of the affected application contains an observable response discrepancy vulnerability when validating usernames. This could allow an unauthenticated remote attacker to distinguish between valid and invalid usernames.",
  "id": "GHSA-xw86-q236-p57v",
  "modified": "2025-05-13T12:31:35Z",
  "published": "2025-05-13T12:31:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51447"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-162255.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-XXW2-9C45-R2HR

Vulnerability from github – Published: 2026-03-13 21:31 – Updated: 2026-03-18 15:30
VLAI
Details

Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows unauthenticated users to enumerate existing hosts by observing different HTTP response codes in deploy_agent endpoint, which could lead to information disclosure.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-2859"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-204"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-13T19:54:34Z",
    "severity": "MODERATE"
  },
  "details": "Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows unauthenticated users to enumerate existing hosts by observing different HTTP response codes in deploy_agent endpoint, which could lead to information disclosure.",
  "id": "GHSA-xxw2-9c45-r2hr",
  "modified": "2026-03-18T15:30:42Z",
  "published": "2026-03-13T21:31:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2859"
    },
    {
      "type": "WEB",
      "url": "https://checkmk.com/werk/18994"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Mitigation MIT-46
Architecture and Design

Strategy: Separation of Privilege

  • Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
  • Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
Mitigation MIT-39
Implementation
  • Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.
  • If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.
  • Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not.
CAPEC-331: ICMP IP Total Length Field Probe

An adversary sends a UDP packet to a closed port on the target machine to solicit an IP Header's total length field value within the echoed 'Port Unreachable" error message. This type of behavior is useful for building a signature-base of operating system responses, particularly when error messages contain other types of information that is useful identifying specific operating system responses.

CAPEC-332: ICMP IP 'ID' Field Error Message Probe

An adversary sends a UDP datagram having an assigned value to its internet identification field (ID) to a closed port on a target to observe the manner in which this bit is echoed back in the ICMP error message. This allows the attacker to construct a fingerprint of specific OS behaviors.

CAPEC-541: Application Fingerprinting

An adversary engages in fingerprinting activities to determine the type or version of an application installed on a remote target.

CAPEC-580: System Footprinting

An adversary engages in active probing and exploration activities to determine security information about a remote target system. Often times adversaries will rely on remote applications that can be probed for system configurations.