CWE-446

UI Discrepancy for Security Feature

AI Translation Available

The user interface does not correctly enable or configure a security feature, but the interface provides feedback that causes the user to believe that the feature is in a secure state.

Status

incomplete

Abstraction

class

Affected Platforms

Extended Description

AI Translation

When the user interface does not properly reflect what the user asks of it, then it can lead the user into a false sense of security. For example, the user might check a box to enable a security option to enable encrypted communications, but the product does not actually enable the encryption. Alternately, the user might provide a 'restrict ALL' access control rule, but the product only implements 'restrict SOME'.

Technical Details

AI Translation

Common Consequences

other

Impacts

varies by context

CWE-446

Common Consequences

Impacts

Potential Mitigations

Common Consequences

Impacts

Potential Mitigations

CWE-446

Common Consequences

Impacts

Potential Mitigations

Common Consequences

Impacts

Potential Mitigations

Iscriviti alla newsletter