Read Time:42 Second

Description

The user interface does not correctly enable or configure a security feature, but the interface provides feedback that causes the user to believe that the feature is in a secure state.

When the user interface does not properly reflect what the user asks of it, then it can lead the user into a false sense of security. For example, the user might check a box to enable a security option to enable encrypted communications, but the software does not actually enable the encryption. Alternately, the user might provide a “restrict ALL'” access control rule, but the software only implements “restrict SOME”.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-684

 

Consequences

Other: Varies by Context

 

Potential Mitigations

CVE References

  • CVE-1999-1446
    • UI inconsistency; visited URLs list not cleared when “Clear History” option is selected.