Description
The user interface does not correctly enable or configure a security feature, but the interface provides feedback that causes the user to believe that the feature is in a secure state.
Extended Description
When the user interface does not properly reflect what the user asks of it, then it can lead the user into a false sense of security. For example, the user might check a box to enable a security option to enable encrypted communications, but the product does not actually enable the encryption. Alternately, the user might provide a "restrict ALL" access control rule, but the product only implements "restrict SOME".
CVE vulnerabilities with CWE-446 (3)
8.6
CVSS
HIGH
CVE-2025-52983
pub. 2025-07-11
5.9
CVSS
MEDIUM
CVE-2025-8353
pub. 2025-07-30
3.7
CVSS
LOW
CVE-2023-1768
pub. 2023-04-04