CWE-201 |
The code transmits data to another actor, but the data contains sensitive information that should not be accessible to the actor that is receiving the data. |
CWE-202 |
When trying to keep information confidential, an attacker can often infer some of the information by using statistics. |
CWE-203 |
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not. |
CWE-204 |
The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere. |
CWE-205 |
The product's behaviors indicate important differences that may be observed by unauthorized actors in a way that reveals (1) its internal state or decision process, or (2) differences from other products with equivalent functionality. |
CWE-206 |
The product performs multiple behaviors that are combined to produce a single result, but the individual behaviors are observable separately in a way that allows attackers to reveal internal state or internal decision points. |
CWE-207 |
The product operates in an environment in which its existence or specific identity should not be known, but it behaves differently than other products with equivalent functionality, in a way that is observable to an attacker. |
CWE-208 |
Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not. |
CWE-209 |
The software generates an error message that includes sensitive information about its environment, users, or associated data. |
CWE-210 |
The software identifies an error condition and creates its own diagnostic or error messages that contain sensitive information. |