CWE-655 - Insufficient Psychological Acceptability
- Abstraction:Class
- Structure:Simple
- Status:Draft
- Release Date:2008-01-30
- Latest Modification Date:2023-06-29
Weakness Name
Insufficient Psychological Acceptability
Description
The product has a protection mechanism that is too difficult or inconvenient to use, encouraging non-malicious users to disable or bypass the mechanism, whether by accident or on purpose.
Common Consequences
Scope: Access Control
Impact: Bypass Protection Mechanism
Notes: By bypassing the security mechanism, a user might leave the system in a less secure state than intended by the administrator, making it more susceptible to compromise.