CWE-655 - Insufficient Psychological Acceptability

CWE-655

Abstraction:
Class

Structure:
Simple

Status:
Draft

Weakness Name: Insufficient Psychological Acceptability

Description: The product has a protection mechanism that is too difficult or inconvenient to use, encouraging non-malicious users to disable or bypass the mechanism, whether by accident or on purpose.

Common Consequences: Scope: Access Control
Impact: Bypass Protection Mechanism
Notes: By bypassing the security mechanism, a user might leave the system in a less secure state than intended by the administrator, making it more susceptible to compromise.

Related Weaknesses

CWE-657Violation of Secure Design Principles

CWE-693Protection Mechanism Failure

Release Date:
2008-01-30

Latest Modification Date:
2023-06-29

Free security scan for your website

Don't show website scan report rating on the leaderboard