Category: SFP Secondary Cluster: Feature

Incomplete

Summary

This category identifies Software Fault Patterns (SFPs) within the Feature cluster.

Membership

ID	Name	Description
CWE-447	Unimplemented or Unsupported Feature in UI	A UI function for a security feature appears to be supported and gives feedback to the user that suggests that it is supported, but the underlying functionality is not implemented.
CWE-448	Obsolete Feature in UI	A UI function is obsolete and the product does not warn the user.
CWE-449	The UI Performs the Wrong Action	The UI performs the wrong action with respect to the user's request.
CWE-450	Multiple Interpretations of UI Input	The UI has multiple interpretations of user input but does not prompt the user when it selects the less secure interpretation.
CWE-451	User Interface (UI) Misrepresentation of Critical Information	The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks.
CWE-549	Missing Password Field Masking	The product does not mask passwords during entry, increasing the potential for attackers to observe and capture passwords.
CWE-655	Insufficient Psychological Acceptability	The product has a protection mechanism that is too difficult or inconvenient to use, encouraging non-malicious users to disable or bypass the mechanism, whether by accident or on purpose.
CWE-888	Software Fault Pattern (SFP) Clusters	CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs).

Vulnerability Mapping Notes

Usage: Prohibited

Reasons: Category

Rationale:

This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.

Comment:

See member weaknesses of this category.