CWE-449 – The UI Performs the Wrong Action

Read Time:37 Second

Description

The UI performs the wrong action with respect to the user’s request.

Modes of Introduction:

– Implementation

 

 

Related Weaknesses

CWE-446

 

Consequences

Other: Quality Degradation, Varies by Context

 

Potential Mitigations

Phase: Testing

Description: 

Perform extensive functionality testing of the UI. The UI should behave as specified.

CVE References

  • CVE-2001-1387
    • Network firewall accidentally implements one command line option as if it were another, possibly leading to behavioral infoleak.
  • CVE-2001-0081
    • Command line option correctly suppresses a user prompt but does not properly disable a feature, although when the product prompts the user, the feature is properly disabled.
  • CVE-2002-1977
    • Product does not “time out” according to user specification, leaving sensitive data available after it has expired.