Description
The user interface provides a warning to a user regarding dangerous or sensitive operations, but the warning is not noticeable enough to warrant attention.
Potential Impact
- Scope: Non-Repudiation
- Impact: Hide Activities
Real-World CVE Examples
| CVE ID | Description |
|---|---|
| CVE-2007-1099 | User not sufficiently warned if host key mismatch occurs |
Taxonomy Mappings
- PLOVER: Insufficient UI warning of dangerous operations
Frequently Asked Questions
What is CWE-357?
CWE-357 (Insufficient UI Warning of Dangerous Operations) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. The user interface provides a warning to a user regarding dangerous or sensitive operations, but the warning is not noticeable enough to warrant attention.
How can CWE-357 be exploited?
Attackers can exploit CWE-357 (Insufficient UI Warning of Dangerous Operations) to hide activities. This weakness is typically introduced during the Architecture and Design and Implementation phases of software development.
How do I prevent CWE-357?
Follow secure coding practices, conduct code reviews, and use automated security testing tools (SAST/DAST) to detect this weakness early in the development lifecycle.
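The following added example (not part of the CWE entry or of any real product's code) contrasts a barely noticeable warning with a blocking one for a host key mismatch, the situation named in the CVE-2007-1099 row above. The client, the function names, the fingerprints and the audit list are all hypothetical and constructed for illustration.

```python
# Constructed sample fingerprints (not real keys).
KNOWN = "SHA256:constructed-aaaa"
PRESENTED = "SHA256:constructed-bbbb"


def connect_weak(known_fp, presented_fp, log):
    """Insufficient warning: a mismatch adds one log line and the session continues."""
    if known_fp != presented_fp:
        log.append("warning: host key changed")  # easy to miss, nothing blocks
    return True  # the connection proceeds either way


def connect_strict(known_fp, presented_fp, prompt, audit):
    """A mismatch blocks the connection unless the user retypes the new fingerprint.

    `prompt` is a callable that shows a message and returns the user's input.
    `audit` is a list that receives a record of every mismatch decision.
    """
    if known_fp == presented_fp:
        return True  # keys match, no prompt needed
    message = (
        "HOST KEY MISMATCH\n"
        f"  expected:  {known_fp}\n"
        f"  presented: {presented_fp}\n"
        "The server's identity cannot be verified. The connection is blocked.\n"
        "To accept the new key, type its full fingerprint: "
    )
    answer = prompt(message).strip()
    # Refusal is the default: empty input, "y", or anything other than the
    # exact new fingerprint aborts the connection.
    accepted = answer == presented_fp
    audit.append({"event": "host_key_mismatch", "expected": known_fp,
                  "presented": presented_fp, "accepted": accepted})
    return accepted


if __name__ == "__main__":
    log, audit = [], []
    print("weak client connects:", connect_weak(KNOWN, PRESENTED, log))
    print("strict client, user presses 'y':",
          connect_strict(KNOWN, PRESENTED, lambda m: "y", audit))
    print("audit trail:", audit)
```

The audit record addresses the non-repudiation impact listed above: an override of the warning leaves evidence of who accepted which key.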
What is the severity of CWE-357?
CWE-357 is classified as a Base-level weakness (Medium abstraction). It has been observed in 1 real-world CVE.