Description
The UI performs the wrong action with respect to the user's request.
Potential Impact
Other: Quality Degradation, Varies by Context
Detection Methods
- Manual Analysis — Perform extensive functionality testing of the UI. The UI should behave as specified.
Real-World CVE Examples
| CVE ID | Description |
|---|---|
| CVE-2001-1387 | Network firewall accidentally implements one command line option as if it were another, possibly leading to behavioral infoleak. |
| CVE-2001-0081 | Command line option correctly suppresses a user prompt but does not properly disable a feature, although when the product prompts the user, the feature is properly disabled. |
| CVE-2002-1977 | Product does not "time out" according to user specification, leaving sensitive data available after it has expired. |
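The functionality testing described under Detection Methods can be written as a specification table compared against the state the UI actually produces. The block below is an added example, not code from the CWE entry or from any product in the table; it models a hypothetical tool with the defect pattern of the second row, where a flag suppresses the prompt but the feature stays enabled. The option names (`--disable-remote`, `--batch`), the `remote_access` feature and both handlers are assumptions made for illustration.

```python
# Added illustration: hypothetical tool with one optional feature
# ("remote_access"). All names and values are constructed for this example.

# Specification: (argv, answer given if prompted, expected resulting state).
SPEC = [
    (["--disable-remote"], "y", {"prompted": True, "remote_access": False}),
    (["--disable-remote"], "n", {"prompted": True, "remote_access": True}),
    (["--disable-remote", "--batch"], None,
     {"prompted": False, "remote_access": False}),
    ([], None, {"prompted": False, "remote_access": True}),
]

def run_buggy(argv, answer=None):
    state = {"prompted": False, "remote_access": True}
    if "--disable-remote" in argv:
        if "--batch" not in argv:
            state["prompted"] = True
            if answer == "y":
                state["remote_access"] = False  # only reachable via the prompt
        # Defect: --batch skips the prompt and, with it, the action itself.
    return state

def run_fixed(argv, answer=None):
    state = {"prompted": False, "remote_access": True}
    if "--disable-remote" in argv:
        confirmed = True  # --batch is specified to mean "assume yes"
        if "--batch" not in argv:
            state["prompted"] = True
            confirmed = (answer == "y")
        if confirmed:
            state["remote_access"] = False
    return state

def mismatches(run):
    """Return every spec row whose observed state differs from the spec.

    The comparison covers the resulting feature state, not only whether a
    prompt appeared; checking the prompt alone would pass the buggy handler.
    """
    found = []
    for argv, answer, expected in SPEC:
        observed = run(argv, answer)
        if observed != expected:
            found.append((argv, expected, observed))
    return found

if __name__ == "__main__":
    for name, run in (("buggy", run_buggy), ("fixed", run_fixed)):
        for argv, expected, observed in mismatches(run):
            print(f"{name}: {argv} expected {expected} got {observed}")
```
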
Related Weaknesses
Taxonomy Mappings
- PLOVER — The UI performs the wrong action
Frequently Asked Questions
What is CWE-449?
CWE-449 (The UI Performs the Wrong Action) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. The UI performs the wrong action with respect to the user's request.
How can CWE-449 be exploited?
Exploitation of CWE-449 (The UI Performs the Wrong Action) can result in quality degradation; the impact varies by context. This weakness is typically introduced during the Implementation phase of software development.
How do I prevent CWE-449?
Follow secure coding practices, conduct code reviews, and use automated security testing tools (SAST/DAST) to detect this weakness early in the development lifecycle.
What is the severity of CWE-449?
CWE-449 is classified as a Base-level weakness (Medium abstraction). It has been observed in 3 real-world CVEs.