Unimplemented or Unsupported Feature in UI

Draft Base

Structure: Simple

Description

A UI function for a security feature appears to be supported and gives feedback to the user that suggests that it is supported, but the underlying functionality is not implemented.

Common Consequences 1

Scope: Other

Impact: Varies by Context

Potential Mitigations 1

Phase: Testing

Perform functionality testing before deploying the application.

Observed Examples 4

CVE-2000-0127GUI configuration tool does not enable a security option when a checkbox is selected, although that option is honored when manually set in the configuration file.

CVE-2001-0863Router does not implement a specific keyword when it is used in an ACL, allowing filter bypass.

CVE-2001-0865Router does not implement a specific keyword when it is used in an ACL, allowing filter bypass.

CVE-2004-0979Web browser does not properly modify security setting when the user sets it.

Applicable Platforms

Languages:

Not Language-Specific : Undetermined

Modes of Introduction

Implementation

Related Weaknesses

ChildOf:

UI Discrepancy for Security Feature (CWE-446)

ChildOf:

Lack of Administrator Control over Security (CWE-671)

Taxonomy Mapping

PLOVER

Notes

Research GapThis issue needs more study, as there are not many examples. It is not clear whether it is primary or resultant.