Base · Draft

CWE-450: Multiple Interpretations of UI Input

Category: other

Description

The UI has multiple interpretations of user input but does not prompt the user when it selects the less secure interpretation.

Common consequences · 1

  • Other — Varies by Context

Potential mitigations · 2

  • [Implementation]
  • [Implementation] Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
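
The ordering rule in the mitigation above, shown as an added example (not part of the CWE entry or MITRE's material): one function validates the raw string and decodes afterwards, the other decodes exactly once, refuses input that is still encoded, and validates the canonical result. The base directory, function names and sample inputs are constructed for illustration.

```python
import posixpath
from urllib.parse import unquote

BASE = "/srv/files"  # constructed base directory (assumption for this example)


def check_then_decode(raw: str) -> str:
    """Flawed order (CWE-180): the check sees the raw string, not what is used."""
    if ".." in raw or raw.startswith("/"):
        raise ValueError("rejected by raw-string check")
    # Decoding after validation changes the meaning of an already-approved value.
    return posixpath.normpath(posixpath.join(BASE, unquote(raw)))


def canonicalize_then_check(raw: str) -> str:
    """Decode once, canonicalize, then validate the value that will be used."""
    decoded = unquote(raw)
    # If another decode pass would change the value, a later layer could
    # interpret it differently (CWE-174), so refuse it instead of guessing.
    if unquote(decoded) != decoded:
        raise ValueError("input is still encoded after one decode")
    path = posixpath.normpath(posixpath.join(BASE, decoded))
    # Validation runs on the canonical form: it must stay under BASE.
    if path != BASE and not path.startswith(BASE + "/"):
        raise ValueError("canonical path is outside the base directory")
    return path


def is_rejected(fn, raw: str) -> bool:
    """Return True when fn refuses raw with ValueError."""
    try:
        fn(raw)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample inputs: plain, encoded once, encoded twice.
    for sample in ("reports/q1.txt", "%2e%2e/etc/passwd", "%252e%252e/x"):
        for fn in (check_then_decode, canonicalize_then_check):
            verdict = "rejected" if is_rejected(fn, sample) else fn(sample)
            print(f"{fn.__name__:24} {sample!r:22} -> {verdict}")
```

The double-decode check is deliberately conservative: a legitimate name that still looks percent-encoded after one pass is refused rather than reinterpreted.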

References

  1. https://cwe.mitre.org/data/definitions/450.html

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Misinterpretation of Input
  • CWE: Reliance on Untrusted Inputs in a Security Decision
  • CWE: Improper Validation of Unsafe Equivalence in Input
  • CWE: Violation of Secure Design Principles
  • CWE: Insufficient Type Distinction
  • CWE: Improperly Implemented Security Check for Standard

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.