Category: SFP Secondary Cluster: Security
Incomplete
Summary
This category identifies Software Fault Patterns (SFPs) within the Security cluster.
Membership
| ID | Name | Description |
|---|---|---|
| CWE-356 | Product UI does not Warn User of Unsafe Actions | The product's user interface does not warn the user before undertaking an unsafe action on behalf of that user. This makes it easier for attackers to trick users into inflicting damage to their system. |
| CWE-357 | Insufficient UI Warning of Dangerous Operations | The user interface provides a warning to a user regarding dangerous or sensitive operations, but the warning is not noticeable enough to warrant attention. |
| CWE-446 | UI Discrepancy for Security Feature | The user interface does not correctly enable or configure a security feature, but the interface provides feedback that causes the user to believe that the feature is in a secure state. |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs). |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.