CWE-447 – Unimplemented or Unsupported Feature in UI

Read Time:45 Second

Description

A UI function for a security feature appears to be supported and gives feedback to the user that suggests that it is supported, but the underlying functionality is not implemented.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-446
CWE-671

 

Consequences

Other: Varies by Context

 

Potential Mitigations

Phase: Testing

Description: 

Perform functionality testing before deploying the application.

CVE References

  • CVE-2000-0127
    • GUI configuration tool does not enable a security option when a checkbox is selected, although that option is honored when manually set in the configuration file.
  • CVE-2001-0863
    • Router does not implement a specific keyword when it is used in an ACL, allowing filter bypass.
  • CVE-2001-0865
    • Router does not implement a specific keyword when it is used in an ACL, allowing filter bypass.
  • CVE-2004-0979
    • Web browser does not properly modify security setting when the user sets it.