CWE-449: The UI Performs the Wrong Action
Weakness ID: 449 (Weakness Base) Status: Incomplete
Description
Description Summary
The UI performs the wrong action with respect to the user's request.
Time of Introduction
Common Consequences
Scope | Effect
Other | Technical Impact: Quality degradation; Varies by context
Observed Examples
Reference | Description
CVE-2001-1387 | Network firewall accidentally implements one command line option as if it were another, possibly leading to behavioral infoleak.
CVE-2001-0081 | Command line option correctly suppresses a user prompt but does not properly disable a feature, although when the product prompts the user, the feature is properly disabled.
CVE-2002-1977 | Product does not "time out" according to user specification, leaving sensitive data available after it has expired.
Potential Mitigations
Perform extensive functionality testing of the UI. The UI should
behave as specified.
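The following added example (not part of the CWE entry) shows what such a functionality test can look like for the pattern in the second observed example: a non-interactive option that skips the prompt but leaves the feature on. The tool, its option, and the names `run_buggy`, `run_fixed`, `SPEC` and `spec_violations` are hypothetical and do not reproduce any product named in the CVEs.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Outcome:
    prompted: bool          # was the user asked?
    feature_enabled: bool   # final state of the security-relevant feature


def run_buggy(quiet_disable: bool, answer_disable: bool = False) -> Outcome:
    """Hypothetical tool: the quiet option skips the prompt but never
    applies the 'disable' decision it is supposed to stand for."""
    feature_enabled = True                      # feature is on by default
    if quiet_disable:
        return Outcome(False, feature_enabled)  # defect: state left untouched
    if answer_disable:                          # interactive path works
        feature_enabled = False
    return Outcome(True, feature_enabled)


def run_fixed(quiet_disable: bool, answer_disable: bool = False) -> Outcome:
    """Same tool with both paths routed through one decision."""
    disable = quiet_disable or answer_disable
    return Outcome(prompted=not quiet_disable, feature_enabled=not disable)


# Specification (constructed for this example):
# (quiet_disable, answer_disable) -> required Outcome
SPEC = {
    (True, False): Outcome(prompted=False, feature_enabled=False),
    (False, True): Outcome(prompted=True, feature_enabled=False),
    (False, False): Outcome(prompted=True, feature_enabled=True),
}


def spec_violations(impl):
    """Return every specified input for which impl deviates from SPEC."""
    return sorted(args for args, want in SPEC.items() if impl(*args) != want)


if __name__ == "__main__":
    print("buggy:", spec_violations(run_buggy))
    print("fixed:", spec_violations(run_fixed))
```

The check compares the resulting state of the feature, not just whether the prompt appeared, which is the part a test that only watches the UI would miss.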
Relationships
Nature | Type | ID | Name | View(s) this relationship pertains to
ChildOf | Weakness Base | 446 | UI Discrepancy for Security Feature | Development Concepts (primary) 699; Research Concepts (primary) 1000
ChildOf | Category | 906 | SFP Cluster: UI | Software Fault Pattern (SFP) Clusters (primary) 888
Taxonomy Mappings
Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name
PLOVER | | | The UI performs the wrong action
Content History
Submissions (Submission Date, Submitter, Organization, Source):
PLOVER, Externally Mined
Modifications (Modification Date, Modifier, Organization, Source; change):
2008-07-01, Eric Dalci, Cigital, External; updated Potential_Mitigations, Time_of_Introduction
2008-09-08, CWE Content Team, MITRE, Internal; updated Relationships, Taxonomy_Mappings
2011-06-01, CWE Content Team, MITRE, Internal; updated Common_Consequences
2011-06-27, CWE Content Team, MITRE, Internal; updated Common_Consequences
2012-05-11, CWE Content Team, MITRE, Internal; updated Relationships