CWE-655: Insufficient Psychological Acceptability
CWE Version: 4.18
Last Updated: 2025-09-09
Weakness Description
The product has a protection mechanism that is too difficult or inconvenient to use, encouraging non-malicious users to disable or bypass the mechanism, whether by accident or on purpose.
Common Consequences
Scope: Access Control
Technical Impact: Bypass Protection Mechanism
Note: By bypassing the security mechanism, a user might leave the system in a less secure state than intended by the administrator, making it more susceptible to compromise.
Potential Mitigations
Phase: Testing
Description: Where possible, perform human factors and usability studies to identify where your product's security mechanisms are difficult to use, and why.
Phase: Architecture and Design
Description: Make the security mechanism as seamless as possible, while also providing the user with sufficient details when a security decision produces unexpected results.
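As an added illustration (not part of the CWE entry, and going beyond it to one concrete mechanism), the following Python compares a secret-scanning pre-commit check that fails opaquely with one that explains its decision. An opaque "commit rejected" with no location, rule name or escape hatch for test fixtures is exactly the kind of mechanism this weakness describes: the developer's cheapest fix is to skip the hook entirely, which also disables it for real credentials. The explained version reports file, line and rule, redacts the match, and offers a reviewable inline allowlist marker instead of a global bypass. The diff text, the rule set and the `secret-scan: allow` marker are all constructed for this example; the AWS-style key is the vendor's documented example value, and the GitHub-style token is a string of zeros.

```python
from __future__ import annotations

import re
import sys
from dataclasses import dataclass

# Constructed sample of staged diff output. It omits @@ hunk headers for brevity,
# so "line number" below means position among the added lines of each file.
SAMPLE_DIFF = f"""\
+++ b/config/settings.py
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+DEBUG = True
+++ b/tests/test_parser.py
+FAKE_TOKEN = "ghp_{'0' * 36}"  # secret-scan: allow
+EXPECTED_KEY = "not-a-key"
"""

# Hypothetical rule set; real scanners ship far more patterns.
PATTERNS = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github-pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
}
# Inline marker that a reviewer can see in the diff, unlike `git commit --no-verify`.
ALLOW_MARKER = "secret-scan: allow"


def scan_opaque(diff: str) -> bool:
    """The unacceptable mechanism: returns only pass/fail and honours no allowlist.

    The developer learns neither what matched nor how to proceed, and a test fixture
    blocks the commit just like a live key, so the path of least resistance is to
    disable the hook altogether (CWE-655).
    """
    return not any(p.search(line) for line in diff.splitlines() for p in PATTERNS.values())


@dataclass
class Finding:
    file: str
    line_no: int
    rule: str
    redacted: str


def redact(match: str) -> str:
    """Keep enough of the value to recognise it without echoing the secret back."""
    return match[:4] + "..." + match[-4:]


def scan_explained(diff: str) -> tuple[list[Finding], list[Finding]]:
    """Return (blocking findings, allowlisted findings) for the added lines of a diff."""
    current_file = "<unknown>"
    line_no = 0
    blocking: list[Finding] = []
    allowed: list[Finding] = []
    for raw in diff.splitlines():
        if raw.startswith("+++ b/"):
            current_file = raw[len("+++ b/"):]
            line_no = 0
            continue
        if not raw.startswith("+"):
            continue  # only newly added content can introduce a secret
        line_no += 1
        content = raw[1:]
        for rule, pattern in PATTERNS.items():
            m = pattern.search(content)
            if m is None:
                continue
            finding = Finding(current_file, line_no, rule, redact(m.group(0)))
            (allowed if ALLOW_MARKER in content else blocking).append(finding)
    return blocking, allowed


def report(blocking: list[Finding], allowed: list[Finding]) -> str:
    """Tell the user what was decided, where, why, and what the sanctioned next step is."""
    lines = []
    for f in blocking:
        lines.append(f"BLOCKED {f.file}:{f.line_no}: rule {f.rule} matched ({f.redacted}).")
        lines.append("  If this is a real credential: rotate it, then remove it from the commit.")
        lines.append(f"  If it is a test fixture: append '# {ALLOW_MARKER}' to that line; do not skip the hook.")
    for f in allowed:
        lines.append(f"allowed {f.file}:{f.line_no}: rule {f.rule} ({f.redacted}) carries '{ALLOW_MARKER}'.")
    if not blocking:
        lines.append("OK: no unexplained secret patterns in added lines.")
    return "\n".join(lines)


if __name__ == "__main__":
    blocking, allowed = scan_explained(SAMPLE_DIFF)
    print(report(blocking, allowed))
    sys.exit(1 if blocking else 0)
```

The opaque scanner rejects the same diff but gives the developer nothing to act on; the explained scanner blocks only the unexplained key, shows the fixture as an allowlisted finding, and leaves the allow marker in the diff where a reviewer can challenge it.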
Modes of Introduction
| Phase | Note |
|---|---|
| Architecture and Design | - |
Applicable Platforms
Programming Languages
Taxonomy Mappings
| Mapped Taxonomy Name | Node ID | Mapped Node Name | Fit |
|---|---|---|---|
| ISA/IEC 62443 | Part 2-1 | Req 4.3.3.6 | - |
| ISA/IEC 62443 | Part 4-1 | Req SD-4 | - |