Vulnerability Intelligence and Management by Cybersecurity Help s.r.o.



User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. If an attacker can cause the UI to display erroneous data, or to otherwise convince the user to display information that appears to come from a trusted source, then the attacker could trick the user into performing the wrong action. This is often a component in phishing attacks, but other kinds of problems exist.

UI misrepresentation can take many forms:

  • Incorrect indicator
  • Overlay
  • Icon manipulation
  • Timing
  • Visual truncation
  • Visual distinction
  • Homographs

The weakness is introduced during the Architecture and Design and Implementation stages.