Information Exposure Through an External Behavioral Inconsistency
Weakness ID: 207 (Weakness Variant)Status: Draft
+ Description

Description Summary

The product behaves differently than other products like it, in a way that is observable to an attacker and exposes security-relevant information about which product is being used.
+ Time of Introduction
  • Architecture and Design
  • Implementation
+ Applicable Platforms



+ Observed Examples
CVE-2002-0208Product modifies TCP/IP stack and ICMP error messages in unusual ways that show the product is in use.
CVE-2004-2252Behavioral infoleak by responding to SYN-FIN packets.
CVE-2000-1142Honeypot generates an error with a "pwd" command in a particular directory, allowing attacker to know they are in a honeypot system.
+ Potential Mitigations

Compartmentalize your system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.

Setup generic response pages for error condition. The error page should not disclose information about the success or failure of a sensitive operation. For instance, the login page should not confirm that the login is correct and the password incorrect. The attacker who tries random account name may be able to guess some of them. Confirming that the account exists would make the login page more susceptible to brute force attack.

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfWeakness BaseWeakness Base205Information Exposure Through Behavioral Discrepancy
Development Concepts (primary)699
Research Concepts (primary)1000
+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
PLOVERExternal behavioral inconsistency infoleak
+ Content History
Submission DateSubmitterOrganizationSource
PLOVERExternally Mined
Modification DateModifierOrganizationSource
2008-07-01Eric DalciCigitalExternal
updated Potential Mitigations, Time of Introduction
2008-09-08CWE Content TeamMITREInternal
updated Relationships, Taxonomy Mappings
2009-12-28CWE Content TeamMITREInternal
updated Description, Name
Previous Entry Names
Change DatePrevious Entry Name
2009-12-28External Behavioral Inconsistency Information Leak