Category: SFP Secondary Cluster: Feature

Incomplete
Summary

This category identifies Software Fault Patterns (SFPs) within the Feature cluster.

Membership
ID | Name | Description
CWE-447 | Unimplemented or Unsupported Feature in UI | This vulnerability occurs when a user interface displays a security feature as active and functional, but the underlying code that powers it is either missing or disabled. Users receive visual confirmation that a protection is in place, creating a false sense of security.
CWE-448 | Obsolete Feature in UI | This vulnerability occurs when a user interface (UI) includes outdated or deprecated features, but fails to alert users about their obsolete status. This can mislead users into relying on functionality that may be broken, unsupported, or pose a security risk.
CWE-449 | The UI Performs the Wrong Action | This vulnerability occurs when a user interface (UI) element or command performs a different, unintended action than what the user requested, potentially leading to security bypass, data corruption, or unexpected system behavior.
CWE-450 | Multiple Interpretations of UI Input | This vulnerability occurs when a user interface can interpret the same input in multiple ways, but automatically chooses a less secure option without warning the user.
CWE-451 | User Interface (UI) Misrepresentation of Critical Information | This vulnerability occurs when a user interface fails to accurately display or highlight crucial information, potentially misleading users about the true state of the system or the source of data. Attackers exploit this weakness to trick users into performing unintended actions, often as part of phishing campaigns or other deception-based attacks.
CWE-549 | Missing Password Field Masking | This vulnerability occurs when an application fails to hide password characters as they are typed, making them visible to anyone who can see the screen. This exposes user credentials to onlookers or screen-capturing malware.
CWE-655 | Insufficient Psychological Acceptability | This weakness occurs when security features are so cumbersome or confusing that well-intentioned users feel forced to turn them off or find workarounds, defeating their purpose entirely.
CWE-888 | Software Fault Pattern (SFP) Clusters | CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs).

Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale: This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment: See member weaknesses of this category.