Read Time:30 Second

Description

The UI has multiple interpretations of user input but does not prompt the user when it selects the less secure interpretation.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-357

 

Consequences

Other: Varies by Context

 

Potential Mitigations

Phase: Implementation

Description: 

Phase: Implementation

Description: 

Inputs should be decoded and canonicalized to the application’s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.

CVE References