Common Weakness Enumeration

A Community-Developed List of Software Weakness Types

CWE/SANS Top 25 Most Dangerous Software Errors
Home > CWE List > CWE- Individual Dictionary Definition (2.11)  

CWE-446: UI Discrepancy for Security Feature

Weakness ID: 446
Abstraction: Base
Status: Incomplete
Presentation Filter:
+ Description

Description Summary

The user interface does not correctly enable or configure a security feature, but the interface provides feedback that causes the user to believe that the feature is in a secure state.

Extended Description

When the user interface does not properly reflect what the user asks of it, then it can lead the user into a false sense of security. For example, the user might check a box to enable a security option to enable encrypted communications, but the software does not actually enable the encryption. Alternately, the user might provide a "restrict ALL'" access control rule, but the software only implements "restrict SOME".

+ Time of Introduction
  • Architecture and Design
  • Implementation
+ Applicable Platforms



+ Common Consequences

Technical Impact: Varies by context

+ Observed Examples
UI inconsistency; visited URLs list not cleared when "Clear History" option is selected.
+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfCategoryCategory355User Interface Security Issues
Development Concepts (primary)699
ChildOfWeakness BaseWeakness Base684Incorrect Provision of Specified Functionality
Research Concepts (primary)1000
ChildOfCategoryCategory996SFP Secondary Cluster: Security
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness BaseWeakness Base447Unimplemented or Unsupported Feature in UI
Development Concepts (primary)699
Research Concepts1000
ParentOfWeakness BaseWeakness Base448Obsolete Feature in UI
Development Concepts (primary)699
Research Concepts (primary)1000
ParentOfWeakness BaseWeakness Base449The UI Performs the Wrong Action
Development Concepts (primary)699
Research Concepts (primary)1000
+ Relationship Notes

This is often resultant.

+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
PLOVERUser interface inconsistency
+ Maintenance Notes

This node is likely a loose composite that could be broken down into the different types of errors that cause the user interface to have incorrect interactions with the underlying security feature.

+ Content History
Submission DateSubmitterOrganizationSource
PLOVERExternally Mined
Modification DateModifierOrganizationSource
2008-07-01Eric DalciCigitalExternal
updated Time_of_Introduction
2008-09-08CWE Content TeamMITREInternal
updated Relationships, Other_Notes, Taxonomy_Mappings, Type
2008-10-14CWE Content TeamMITREInternal
updated Description, Maintenance_Notes, Other_Notes
2011-03-29CWE Content TeamMITREInternal
updated Other_Notes, Relationship_Notes
2011-06-01CWE Content TeamMITREInternal
updated Common_Consequences
2011-06-27CWE Content TeamMITREInternal
updated Common_Consequences
2012-05-11CWE Content TeamMITREInternal
updated Relationships
2014-07-30CWE Content TeamMITREInternal
updated Relationships
2017-01-19CWE Content TeamMITREInternal
updated Relationships
Previous Entry Names
Change DatePrevious Entry Name
2008-01-30User Interface Discrepancy for Security Feature
2008-04-11User Interface Discrepancy for Security Feature

More information is available — Please select a different filter.
Page Last Updated: May 05, 2017