UI Discrepancy for Security Feature
Incomplete Class
Structure: Simple
Description
The user interface does not correctly enable or configure a security feature, but the interface provides feedback that causes the user to believe that the feature is in a secure state.
When the user interface does not properly reflect what the user asks of it, then it can lead the user into a false sense of security. For example, the user might check a box to enable a security option to enable encrypted communications, but the product does not actually enable the encryption. Alternately, the user might provide a "restrict ALL" access control rule, but the product only implements "restrict SOME".
Common Consequences 1
Scope: Other
Impact: Varies by Context
Observed Examples 1
CVE-1999-1446UI inconsistency; visited URLs list not cleared when "Clear History" option is selected.
Applicable Platforms
Languages:
Not Language-Specific : Undetermined
Modes of Introduction
Architecture and Design
Implementation
Related Weaknesses
Taxonomy Mapping
- PLOVER
Notes
MaintenanceThis entry is likely a loose composite that could be broken down into the different types of errors that cause the user interface to have incorrect interactions with the underlying security feature.