Class · Incomplete

CWE-446: UI Discrepancy for Security Feature

Category: other

Description

The user interface does not correctly enable or configure a security feature, but the interface provides feedback that causes the user to believe that the feature is in a secure state. When the user interface does not properly reflect what the user asks of it, it can lead the user into a false sense of security. For example, the user might check a box to enable encrypted communications, but the product does not actually enable the encryption. Alternatively, the user might provide a "restrict ALL" access control rule, but the product only implements "restrict SOME".
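The encrypted-communications case above, as an added example (not part of the CWE entry or any product's code). `Transport`, `SettingsUI` and the missing-certificate failure are constructed assumptions; the block contrasts a handler that displays the requested state with one that displays the state read back from the backend.

```python
# Added example: all names are hypothetical and constructed for illustration.
from dataclasses import dataclass, field


@dataclass
class Transport:
    """Assumed backend: TLS can only become active if a certificate is loaded."""
    has_certificate: bool = False
    tls_active: bool = False

    def set_tls(self, enabled: bool) -> None:
        # Silently ignores the request when no certificate is available.
        self.tls_active = enabled and self.has_certificate


@dataclass
class SettingsUI:
    transport: Transport
    checkbox_checked: bool = False
    warnings: list = field(default_factory=list)

    def toggle_weak(self, requested: bool) -> bool:
        """CWE-446 pattern: the checkbox mirrors the request, not the backend."""
        self.transport.set_tls(requested)
        self.checkbox_checked = requested
        return self.checkbox_checked

    def toggle_checked(self, requested: bool) -> bool:
        """Corrected pattern: apply, read back the effective state, display that."""
        self.transport.set_tls(requested)
        effective = self.transport.tls_active
        if effective != requested:
            self.warnings.append(
                f"encryption requested={requested} but effective={effective}"
            )
        self.checkbox_checked = effective
        return self.checkbox_checked


def ui_matches_backend(ui: SettingsUI) -> bool:
    """Invariant for a unit test or periodic self-check: display equals reality."""
    return ui.checkbox_checked == ui.transport.tls_active
```

The same read-back check applies to the access-control case: compare the rule set the product actually enforces with the rule the user entered before reporting success.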

Common consequences · 1

  • Other — Varies by Context

References

  1. https://cwe.mitre.org/data/definitions/446.html

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Unimplemented or Unsupported Feature in UI
  • CWE: User Interface (UI) Misrepresentation of Critical Information
  • CWE: Multiple Interpretations of UI Input
  • CWE: Observable Discrepancy
  • CWE: The UI Performs the Wrong Action
  • CWE: Insufficient UI Warning of Dangerous Operations

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.