CWE-308: Use of Single-factor Authentication
CWE version: 4.18
Last updated: 2025-09-09
Weakness Description
The use of single-factor authentication can lead to unnecessary risk of compromise when compared with the benefits of a dual-factor authentication scheme.
Extended Description
While the use of multiple authentication schemes is simply piling on more complexity on top of authentication, it is inestimably valuable to have such measures of redundancy. The use of weak, reused, and common passwords is rampant on the internet. Without the added protection of multiple authentication schemes, a single mistake can result in the compromise of an account. For this reason, if multiple schemes are possible and also easy to use, they should be implemented and required.
Common Consequences
Scope: Access Control
Technical Impact: Bypass Protection Mechanism
Note: If the secret in a single-factor authentication scheme gets compromised, full authentication is possible.
Potential Mitigations
Phase: Architecture and Design
Description: Use multiple independent authentication schemes, which ensures that -- if one of the methods is compromised -- the system itself is still likely safe from compromise.
Observed Examples
Reference: CVE-2022-35248
Chat application skips validation when Central Authentication Service (CAS) is enabled, effectively removing the second factor from two-factor authentication
Modes of Introduction
| Phase | Note |
|---|---|
| Architecture and Design | COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic. |
Applicable Platforms
Languages
Taxonomy Mappings
| Taxonomy Name | Node ID | Node Name | Mapping Fit |
|---|---|---|---|
| CLASP | - | Using single-factor authentication | - |
Key Information
CWE ID: CWE-308
Abstraction: Base
Structure: Simple
Status: Draft
Likelihood of Exploit: High