CWE

Common Weakness Enumeration

A Community-Developed List of Software Weakness Types
CWE/SANS Top 25 Most Dangerous Software Errors
Home > CWE List > CWE- Individual Dictionary Definition (2.11)  
ID

CWE CATEGORY: User Interface Security Issues

Category ID: 355
Status: Draft
+ Description

Description Summary

Weaknesses in this category are related to or introduced in the User Interface (UI).
+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ParentOfWeakness VariantWeakness Variant317Cleartext Storage of Sensitive Information in GUI
Development Concepts699
ParentOfWeakness BaseWeakness Base356Product UI does not Warn User of Unsafe Actions
Development Concepts (primary)699
ParentOfWeakness BaseWeakness Base357Insufficient UI Warning of Dangerous Operations
Development Concepts (primary)699
ParentOfWeakness BaseWeakness Base446UI Discrepancy for Security Feature
Development Concepts (primary)699
ParentOfWeakness BaseWeakness Base450Multiple Interpretations of UI Input
Development Concepts (primary)699
ParentOfWeakness BaseWeakness Base451User Interface (UI) Misrepresentation of Critical Information
Development Concepts (primary)699
ParentOfWeakness VariantWeakness Variant549Missing Password Field Masking
Development Concepts699
MemberOfViewView699Development Concepts
Development Concepts (primary)699
+ Research Gaps

User interface errors that are relevant to security have not been studied at a high level.

+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
PLOVER(UI) User Interface Errors
+ Content History
Submissions
Submission DateSubmitterOrganizationSource
PLOVERExternally Mined
Modifications
Modification DateModifierOrganizationSource
2008-09-08CWE Content TeamMITREInternal
updated Relationships, Taxonomy_Mappings
2017-01-19CWE Content TeamMITREInternal
updated Applicable_Platforms, Relationships

More information is available — Please select a different filter.
Page Last Updated: May 05, 2017 
 

Use of the Common Weakness Enumeration and the associated references from this website are subject to the Terms of Use. For more information, please email cwe@mitre.org.

CWE is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright © 2006-2017, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.
Privacy policy
Terms of use
Contact us