A LIBRARY FOR SECURITY RESEARCHERS


CWE-451

User Interface (UI) Misrepresentation of Critical Information

Class

What it is

The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks.

If an attacker can cause the UI to display erroneous data, or to otherwise convince the user to display information that appears to come from a trusted source, then the attacker could trick the user into performing the wrong action. This is often a component in phishing attacks, but other kinds of problems exist. For example, if the UI is used to monitor the security state of a system or network, then omitting or obscuring an important indicator could prevent the user from detecting and reacting to a security-critical event.

UI misrepresentation can take many forms:

  • Incorrect indicator: incorrect information is displayed, which prevents the user from understanding the true state of the product or the environment the product is monitoring, especially of potentially-dangerous conditions or operations. This can be broken down into several different subtypes.
  • Overlay: an area of

Impact

Scope: Non-Repudiation, Access Control
Technical impact: Hide Activities, Bypass Protection Mechanism

Mitigations

  • [Implementation] Perform data validation (e.g. syntax, length, etc.) before interpreting the data.
  • [Architecture and Design] Create a strategy for presenting information, and plan for how to display unusual characters.

Real-world CVE examples

  • CVE-2024-27936 — Chain: JavaScript-based application removes ANSI escape sequences in a dialog that asks permission for a particular file, causing the wrong filename to be visua
  • CVE-2004-2227 — Web browser's filename selection dialog only shows the beginning portion of long filenames, which can trick users into launching executables with dangerous exte
  • CVE-2001-0398 — Attachment with many spaces in filename bypasses "dangerous content" warning and uses different icon. Likely resultant.
  • CVE-2001-0643 — Misrepresentation and equivalence issue.
  • CVE-2005-0593 — Lock spoofing from several different weaknesses.
  • CVE-2004-1104 — Incorrect indicator: web browser can be tricked into presenting the wrong URL
  • CVE-2005-0143 — Incorrect indicator: Lock icon displayed when an insecure page loads a binary file loaded from a trusted site.
  • CVE-2005-0144 — Incorrect indicator: Secure "lock" icon is presented for one channel, while an insecure page is being simultaneously loaded in another channel.
  • CVE-2004-0761 — Incorrect indicator: Certain redirect sequences cause security lock icon to appear in web browser, even when page is not encrypted.
  • CVE-2004-2219 — Incorrect indicator: Spoofing via multi-step attack that causes incorrect information to be displayed in browser address bar.
  • CVE-2004-0537 — Overlay: Wide "favorites" icon can overlay and obscure address bar
  • CVE-2005-2271 — Visual distinction: Web browsers do not clearly associate a Javascript dialog box with the web page that generated it, allowing spoof of the source of the dialo
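
An added example, not part of the MITRE entry or of any product named above: one way to apply both mitigations to the filename cases in the CVE list (escape sequences in a name, over-long names, whitespace padding). It also escapes bidi and zero-width characters, which goes beyond the listed cases; the function names and the 40-character display limit are assumptions.

```javascript
// Added example (not MITRE's code): render an untrusted filename for a
// confirmation dialog. Names and MAX_DISPLAY are assumptions.
const MAX_DISPLAY = 40; // assumed dialog width in characters

// Show control, bidi-control and zero-width characters as visible \u{..}
// escapes, so they reach the user as text instead of being interpreted.
function escapeInvisible(name) {
  return name.replace(
    /[\u0000-\u001f\u007f-\u009f\u200b-\u200f\u202a-\u202e\u2066-\u2069\ufeff]/g,
    (ch) => `\\u{${ch.codePointAt(0).toString(16)}}`
  );
}

// Replace runs of 3+ whitespace characters with a visible count, so padding
// cannot push the real extension out of view.
function markPadding(name) {
  return name.replace(/\s{3,}/g, (run) => `[${run.length} spaces]`);
}

// Truncate in the middle, never at the end: the tail carries the extension.
function truncateMiddle(text, max = MAX_DISPLAY) {
  const chars = Array.from(text);
  if (chars.length <= max) return text;
  const tail = Math.floor((max - 1) / 2);
  const head = max - 1 - tail;
  return chars.slice(0, head).join("") + "…" + chars.slice(-tail).join("");
}

// Returns the string to display plus the real final extension, which the
// dialog should show in its own field.
function displayFilename(untrusted) {
  const shown = truncateMiddle(markPadding(escapeInvisible(untrusted)));
  const dot = untrusted.lastIndexOf(".");
  const extension = dot > 0 ? escapeInvisible(untrusted.slice(dot + 1).trim()) : "";
  return { shown, extension, altered: shown !== untrusted };
}

// Constructed sample inputs, one per filename case in the CVE list.
const samples = [
  "notes\u001b[0m.txt",                     // escape sequence in the name
  "invoice.pdf" + " ".repeat(60) + ".exe",  // whitespace padding
  "a".repeat(100) + ".exe",                 // over-long name
];
for (const s of samples) console.log(displayFilename(s));
```

A dialog that uses `altered` to show a "name contains hidden or unusual characters" notice gives the user the indicator the weakness description says must not be omitted.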


Source: MITRE CWE. View on cwe.mitre.org →
