User Interface Security Issues
A category in the Common Weakness Enumeration published by The MITRE Corporation.
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
Weaknesses in this category are related to or introduced in the User Interface (UI).
The product stores sensitive information in cleartext within the GUI.
The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusio...
The user interface provides a warning to a user regarding dangerous or sensitive operations, but the warning is not noticeable enough to warrant attention.
The product displays information or identifiers to a user, but the display mechanism does not make it easy for the user to distinguish between visually similar or iden...
The product does not mask passwords during entry, increasing the potential for attackers to observe and capture passwords.
The UI has multiple interpretations of user input but does not prompt the user when it selects the less secure interpretation.
A UI function is obsolete and the product does not warn the user.
The product's user interface does not warn the user before undertaking an unsafe action on behalf of that user. This makes it easier for attackers to trick users into ...
The UI performs the wrong action with respect to the user's request.
A UI function for a security feature appears to be supported and gives feedback to the user that suggests that it is supported, but the underlying functionality is not...
This view organizes weaknesses around concepts that are frequently used or encountered in software development. This includes all aspects of the software development l...