CWE-451β€”User Interface (UI) Misrepresentation of Critical Information

PUBLISHEDweakness record
released 2006-07-19 Β· last modified 2026-04-30

Metadata

CWE ID:
CWE-451
Abstraction:
Class
Structure:
Simple
Status:
Draft
Release Date:
2006-07-19
Latest Modification Date:
2026-04-30

Weakness Name

User Interface (UI) Misrepresentation of Critical Information

Description

The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks.

If an attacker can cause the UI to display erroneous data, or to otherwise convince the user to display information that appears to come from a trusted source, then the attacker could trick the user into performing the wrong action. This is often a component in phishing attacks, but other kinds of problems exist. For example, if the UI is used to monitor the security state of a system or network, then omitting or obscuring an important indicator could prevent the user from detecting and reacting to a security-critical event. UI misrepresentation can take many forms:

Common Consequences

Scope:
Non-Repudiation, Access Control
Impact:
Hide Activities, Bypass Protection Mechanism

Related Weaknesses