SFP Secondary Cluster: State Disclosure
A category in the Common Weakness Enumeration published by The MITRE Corporation.
Summary
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
This category identifies Software Fault Patterns (SFPs) within the State Disclosure cluster.
Weaknesses
When trying to keep information confidential, an attacker can often infer some of the information by using statistics.
The product's behaviors indicate important differences that may be observed by unauthorized actors in a way that reveals (1) its internal state or decision process, or...
The product operates in an environment in which its existence or specific identity should not be known, but it behaves differently than other products with equivalent ...
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security...
The product performs multiple behaviors that are combined to produce a single result, but the individual behaviors are observable separately in a way that allows attac...
The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control...
Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information a...
Concepts
CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs).
Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.