CWE

Common Weakness Enumeration

A Community-Developed List of Software Weakness Types

CWE/SANS Top 25 Most Dangerous Software Errors
Home > CWE List > CWE- Individual Dictionary Definition (2.11)  
ID

CWE-447: Unimplemented or Unsupported Feature in UI

Weakness ID: 447
Abstraction: Base
Status: Draft
Presentation Filter:
+ Description

Description Summary

A UI function for a security feature appears to be supported and gives feedback to the user that suggests that it is supported, but the underlying functionality is not implemented.
+ Time of Introduction
  • Architecture and Design
  • Implementation
  • Operation
+ Applicable Platforms

Languages

All

+ Common Consequences
ScopeEffect
Other

Technical Impact: Varies by context

+ Observed Examples
ReferenceDescription
GUI configuration tool does not enable a security option when a checkbox is selected, although that option is honored when manually set in the configuration file.
Router does not implement a specific keyword when it is used in an ACL, allowing filter bypass.
Router does not implement a specific keyword when it is used in an ACL, allowing filter bypass.
Web browser does not properly modify security setting when the user sets it.
+ Potential Mitigations

Phase: Testing

Perform functionality testing before deploying the application.

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfWeakness BaseWeakness Base446UI Discrepancy for Security Feature
Development Concepts (primary)699
Research Concepts1000
ChildOfWeakness ClassWeakness Class671Lack of Administrator Control over Security
Research Concepts (primary)1000
ChildOfCategoryCategory995SFP Secondary Cluster: Feature
Software Fault Pattern (SFP) Clusters (primary)888
+ Research Gaps

This issue needs more study, as there are not many examples. It is not clear whether it is primary or resultant.

+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
PLOVERUnimplemented or unsupported feature in UI
+ Content History
Submissions
Submission DateSubmitterOrganizationSource
PLOVERExternally Mined
Modifications
Modification DateModifierOrganizationSource
2008-07-01Eric DalciCigitalExternal
updated Potential_Mitigations, Time_of_Introduction
2008-09-08CWE Content TeamMITREInternal
updated Relationships, Other_Notes, Taxonomy_Mappings
2009-12-28CWE Content TeamMITREInternal
updated Other_Notes, Potential_Mitigations, Research_Gaps
2011-06-01CWE Content TeamMITREInternal
updated Common_Consequences
2011-06-27CWE Content TeamMITREInternal
updated Common_Consequences
2012-05-11CWE Content TeamMITREInternal
updated Relationships
2012-10-30CWE Content TeamMITREInternal
updated Potential_Mitigations
2014-07-30CWE Content TeamMITREInternal
updated Relationships

More information is available — Please select a different filter.
Page Last Updated: May 05, 2017