CWE-655

Insufficient Psychological Acceptability

Class

Draft

Description

The product has a protection mechanism that is too difficult or inconvenient to use, encouraging non-malicious users to disable or bypass the mechanism, whether by accident or on purpose.

Parent Weaknesses (ChildOf)

CWE-657: Violation of Secure Design Pri...

CWE-693: Protection Mechanism Failure...

Common Consequences

Scope

Access Control

Impact

Bypass Protection Mechanism

Potential Mitigations

Testing

Where possible, perform human factors and usability studies to identify where your product's security mechanisms are difficult to use, and why.

Architecture and Design

Make the security mechanism as seamless as possible, while also providing the user with sufficient details when a security decision produces unexpected results.

Applicable Platforms

Not Language-Specific

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now