CWE-446: UI Discrepancy for Security Feature

Description

The user interface does not correctly enable or configure a security feature, but the interface provides feedback that causes the user to believe that the feature is in a secure state.

Submission Date :

July 19, 2006, midnight

Modification Date :

2023-06-29 00:00:00+00:00

Organization :

MITRE
Extended Description

When the user interface does not properly reflect what the user asks of it, then it can lead the user into a false sense of security. For example, the user might check a box to enable a security option to enable encrypted communications, but the product does not actually enable the encryption. Alternately, the user might provide a "restrict ALL" access control rule, but the product only implements "restrict SOME".

Related Weaknesses

This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.

CWE-447: Unimplemented or Unsupported Feature in UI
Go to
CWE-448: Obsolete Feature in UI
Go to
CWE-449: The UI Performs the Wrong Action
Go to
CWE-684: Incorrect Provision of Specified Functionality
Go to

Visit http://cwe.mitre.org/ for more details.