logo

CWE-308 - Use of Single-factor Authentication

CWE-308 High

  • Abstraction:
  • Base
  • Structure:
  • Simple
  • Status:
  • Draft
Weakness Name

Use of Single-factor Authentication

Description

The use of single-factor authentication can lead to unnecessary risk of compromise when compared with the benefits of a dual-factor authentication scheme.

While the use of multiple authentication schemes is simply piling on more complexity on top of authentication, it is inestimably valuable to have such measures of redundancy. The use of weak, reused, and common passwords is rampant on the internet. Without the added protection of multiple authentication schemes, a single mistake can result in the compromise of an account. For this reason, if multiple schemes are possible and also easy to use, they should be implemented and required.

Common Consequences

Scope: Access Control

Impact: Bypass Protection Mechanism

Notes: If the secret in a single-factor authentication scheme gets compromised, full authentication is possible.

Related Weaknesses

CWE-1390Weak Authentication

CWE-654Reliance on a Single Factor in a Security Decision

CWE-309Use of Password System for Primary AuthenticationHigh

  • Release Date:
  • 2006-07-19
  • Latest Modification Date:
  • 2023-10-26

Free security scan for your website