CWE

Use of Single-factor Authentication

ID: 308		Date: (C)2012-05-14   (M)2022-10-10
Type: weakness		Status: DRAFT
Abstraction Type: Base

Description

The use of single-factor authentication can lead to unnecessary risk of compromise when compared with the benefits of a dual-factor authentication scheme.

Extended Description

While the use of multiple authentication schemes is simply piling on more complexity on top of authentication, it is inestimably valuable to have such measures of redundancy. The use of weak, reused, and common passwords is rampant on the internet. Without the added protection of multiple authentication schemes, a single mistake can result in the compromise of an account. For this reason, if multiple schemes are possible and also easy to use, they should be implemented and required.

Likelihood of Exploit: High

Applicable Platforms
Language Class: All

Time Of Introduction

• Architecture and Design

Common Consequences

Scope	Technical Impact	Notes
Access_Control	Bypass protection mechanism	If the secret in a single-factor authentication scheme gets compromised, full authentication is possible.

Detection Methods
None

Potential Mitigations

Phase	Strategy	Description	Effectiveness	Notes
Architecture and Design		Use multiple independent authentication schemes, which ensures that -- if one of the methods is compromised -- the system itself is still likely safe from compromise.

Relationships

Related CWE	Type	View	Chain
CWE-308 ChildOf CWE-898	Category	CWE-888

Demonstrative Examples   (Details)

1. In both of these examples, a user is logged in if their given password matches a stored password: (Demonstrative Example Id DX-101)

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings

Taxynomy	Id	Name	Fit
CLASP		Using single-factor authentication

References:
None