User Interface Security Issues

A category in the Common Weakness Enumeration published by The MITRE Corporation.


Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.

Weaknesses in this category are related to or introduced in the User Interface (UI).


Improper Restriction of Rendered UI Layers or Frames

The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusio...

Insufficient UI Warning of Dangerous Operations

The user interface provides a warning to a user regarding dangerous or sensitive operations, but the warning is not noticeable enough to warrant attention.

Insufficient Visual Distinction of Homoglyphs Presented to User

The product displays information or identifiers to a user, but the display mechanism does not make it easy for the user to distinguish between visually similar or iden...

Missing Password Field Masking

The product does not mask passwords during entry, increasing the potential for attackers to observe and capture passwords.

Obsolete Feature in UI

A UI function is obsolete and the product does not warn the user.

Product UI does not Warn User of Unsafe Actions

The product's user interface does not warn the user before undertaking an unsafe action on behalf of that user. This makes it easier for attackers to trick users into ...

The UI Performs the Wrong Action

The UI performs the wrong action with respect to the user's request.

Unimplemented or Unsupported Feature in UI

A UI function for a security feature appears to be supported and gives feedback to the user that suggests that it is supported, but the underlying functionality is not...


Software Development

This view organizes weaknesses around concepts that are frequently used or encountered in software development. This includes all aspects of the software development l...

Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.