CWE-654 - Reliance on a Single Factor in a Security Decision
CWE-654
- Abstraction:
- Base
- Structure:
- Simple
- Status:
- Draft
- Weakness Name
Reliance on a Single Factor in a Security Decision
- Description
A protection mechanism relies exclusively, or to a large extent, on the evaluation of a single condition or the integrity of a single object or entity in order to make a decision about granting access to restricted resources or functionality.
- Common Consequences
Scope: Access Control
Impact: Gain Privileges or Assume Identity
Notes: If the single factor is compromised (e.g. by theft or spoofing), then the integrity of the entire security mechanism can be violated with respect to the user that is identified by that factor.
Scope: Non-Repudiation
Impact: Hide Activities
Notes: It can become difficult or impossible for the product to be able to distinguish between legitimate activities by the entity who provided the factor, versus illegitimate activities by an attacker.
- Related Weaknesses
- Release Date:
- 2008-01-30
- Latest Modification Date:
- 2023-10-26
Free security scan for your website