CWE-447: Unimplemented or Unsupported Feature in UI

Description

A UI function for a security feature appears to be supported and gives feedback to the user that suggests that it is supported, but the underlying functionality is not implemented.

Extended Description

N/A

ThreatScore

Threat Mapped score: 0.0

Industry: Finiancial

Threat priority: Unclassified

Observed Examples (CVEs)

CVE: CVE-2000-0127

GUI configuration tool does not enable a security option when a checkbox is selected, although that option is honored when manually set in the configuration file.
CVE: CVE-2001-0863

Router does not implement a specific keyword when it is used in an ACL, allowing filter bypass.
CVE: CVE-2001-0865

Router does not implement a specific keyword when it is used in an ACL, allowing filter bypass.
CVE: CVE-2004-0979

Web browser does not properly modify security setting when the user sets it.

Related Attack Patterns (CAPEC)

N/A

Attack TTPs

N/A

Modes of Introduction

Phase	Note
Implementation	N/A

Common Consequences

Impact: Varies by Context — Notes:

Potential Mitigations

Testing: Perform functionality testing before deploying the application. (N/A)

Applicable Platforms

None (Not Language-Specific, Undetermined)

Demonstrative Examples

N/A

Notes

Research Gap: This issue needs more study, as there are not many examples. It is not clear whether it is primary or resultant.

← Back to CWE list