Abstraction: Class · Status: Draft

CWE-655: Insufficient Psychological Acceptability

Category: other

Description

The product has a protection mechanism that is too difficult or inconvenient to use, encouraging non-malicious users to disable or bypass the mechanism, whether by accident or on purpose.

Common consequences (1)

  • Access Control — Bypass Protection Mechanism
    By bypassing the security mechanism, a user might leave the system in a less secure state than intended by the administrator, making it more susceptible to compromise.

Potential mitigations (2)

  • [Testing] Where possible, perform human factors and usability studies to identify where your product's security mechanisms are difficult to use, and why.
  • [Architecture and Design] Make the security mechanism as seamless as possible, while also providing the user with sufficient details when a security decision produces unexpected results.

References

  1. https://cwe.mitre.org/data/definitions/655.html

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')
  • CWE: Improper Physical Access Control
  • CWE: Reliance on Untrusted Inputs in a Security Decision
  • CWE: Violation of Secure Design Principles
  • CWE: Improperly Implemented Security Check for Standard
  • CWE: Missing Critical Step in Authentication

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.