CWE-308
Use of Single-factor Authentication
Description
The product uses an authentication algorithm that uses a single factor (e.g., a password) in a security context that should require more than one factor.
Parent Weaknesses (ChildOf)
Related Weaknesses
Common Consequences
Scope
Impact
Bypass Protection Mechanism
Potential Mitigations
Use multiple independent authentication schemes, which ensures that -- if one of the methods is compromised -- the system itself is still likely safe from compromise. For this reason, if multiple schemes are possible, they should be implemented and required -- especially if they are easy to use.
CVE-2022-35248: Chat application skips validation when Central Authentication Service (CAS) is enabled, effectively removing the second factor from two-factor authentication
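The pattern described for CVE-2022-35248, as an added illustration (constructed here, not code from the affected product or from this entry): a login routine whose SSO branch returns before the second factor is checked, next to one that checks it on every path. The sample account, the function names and the use of TOTP as the second factor are assumptions.

```python
import hashlib
import hmac
import struct

def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1), standing in for the second factor."""
    digest = hmac.new(secret, struct.pack(">Q", int(at // step)), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def pw_hash(password: str) -> bytes:
    # Fixed salt only to keep the sample short; real systems use a per-user salt.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"constructed-salt", 100_000)

# Constructed sample account; every name and value here is hypothetical.
USERS = {"alice": {"pw": pw_hash("correct horse"), "totp_key": b"constructed-totp-key"}}

def first_factor_ok(user, password=None, sso_user=None) -> bool:
    """Primary factor: a local password, or an identity asserted by an SSO service."""
    rec = USERS.get(user)
    if rec is None:
        return False
    if sso_user is not None:  # assumes the SSO ticket itself was validated upstream
        return sso_user == user
    return password is not None and hmac.compare_digest(rec["pw"], pw_hash(password))

def second_factor_ok(user, code, now: float) -> bool:
    rec = USERS.get(user)
    if rec is None or not code:
        return False
    # Accept the current and the previous time step to tolerate clock drift.
    return any(hmac.compare_digest(totp(rec["totp_key"], now - d).encode(), code.encode())
               for d in (0, 30))

def login_weak(user, code, now, password=None, sso_user=None) -> bool:
    if not first_factor_ok(user, password, sso_user):
        return False
    if sso_user is not None:
        return True  # weakness: the SSO branch returns before the second factor is checked
    return second_factor_ok(user, code, now)

def login_hardened(user, code, now, password=None, sso_user=None) -> bool:
    # The second factor is checked on every path, however the first was established.
    return first_factor_ok(user, password, sso_user) and second_factor_ok(user, code, now)
```

A regression test for this class of bug exercises every first-factor path with a missing or wrong second factor and expects a denial on each.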
Applicable Platforms