Abstraction: Base · Status: Draft

CWE-308: Use of Single-factor Authentication

Category: auth

Description

The product uses an authentication algorithm that uses a single factor (e.g., a password) in a security context that should require more than one factor.

Common consequences

  • Access Control — Bypass Protection Mechanism
    If the single secret (typically the password) is compromised, the attacker can authenticate fully: nothing else stands between a leaked, guessed, sprayed or stuffed credential and the account.

Potential mitigations

  • [Architecture and Design] Use multiple independent authentication schemes, so that if one method is compromised the system as a whole is still likely safe from compromise. Where multiple schemes are possible they should be implemented and required, especially when they are easy to use. "Independent" means the factors cannot be obtained through the same channel or breach: a password plus a security question are both something the user knows, whereas a password plus a code from a separately held device are two distinct factors.
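As an added illustration (this is not code from MITRE CWE or from this page), the following Python contrasts a password-only login with one that also requires a TOTP code from an independently held seed. The user name, password, salts and work factor are constructed values; the TOTP seed is the RFC 6238 test seed ("12345678901234567890" in base32) so the codes can be checked against the RFC 4226 test vectors.

```python
"""CWE-308 illustration: a password-only login beside a two-factor login.
Added example, not code from MITRE or the page; credentials are constructed."""
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional

PBKDF2_ITERATIONS = 200_000  # illustrative work factor (assumption)
TOTP_STEP = 30               # RFC 6238 default time step, in seconds


def hash_password(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256 from the stdlib so the example runs offline; a
    memory-hard KDF such as Argon2id would be preferred in production."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


# Constructed user store. The TOTP seed is the RFC 6238 test seed, so the codes
# produced below match the RFC 4226 test vectors (counter 0 -> 755224, ...).
USERS = {
    "alice": {
        "salt": b"constructed-salt-for-alice",
        "pw_hash": hash_password("correct horse battery staple", b"constructed-salt-for-alice"),
        "totp_seed": "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ",
    }
}
DUMMY_SALT = b"constructed-dummy-salt"


def hotp(seed_b32: str, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then
    dynamic truncation to `digits` decimal digits."""
    key = base64.b32decode(seed_b32)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(seed_b32: str, now: int, step: int = TOTP_STEP) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(now / step)."""
    return hotp(seed_b32, now // step)


def check_password(username: str, password: str) -> bool:
    """Factor 1, something you know. Unknown users still pay the hashing cost
    so response time does not reveal which user names exist."""
    user = USERS.get(username)
    if user is None:
        hash_password(password, DUMMY_SALT)
        return False
    return hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"])


def check_totp(username: str, code: str, now: int) -> bool:
    """Factor 2, something you have. Accepts the current step and one step on
    either side to tolerate clock drift between server and authenticator."""
    if not (len(code) == 6 and code.isascii() and code.isdigit()):
        return False
    seed = USERS[username]["totp_seed"]
    candidates = [totp(seed, now + d * TOTP_STEP) for d in (-1, 0, 1)]
    return any(hmac.compare_digest(c, code) for c in candidates)


def login_single_factor(username: str, password: str) -> bool:
    """The CWE-308 pattern: the password alone grants access, so a leaked,
    guessed, sprayed or stuffed password is a full account compromise."""
    return check_password(username, password)


def login_two_factor(username: str, password: str, code: str,
                     now: Optional[int] = None) -> bool:
    """Both factors must pass; the caller is not told which one failed."""
    now = int(time.time()) if now is None else now
    password_ok = check_password(username, password)
    # Evaluate the second factor even when the first fails so that the
    # response time does not reveal whether the password was right.
    totp_ok = username in USERS and check_totp(username, code, now)
    return password_ok and totp_ok
```

With the password alone, `login_single_factor("alice", "correct horse battery staple")` succeeds, while `login_two_factor` with the same password and a wrong or stale code fails. Two caveats a reviewer would raise: the second factor must not be recoverable through the first (a code mailed to an inbox whose password is the same leaked password is not independent), and a TOTP code typed into a phishing page can still be relayed within its 30-second window, which is why phishing-resistant authenticators (for example FIDO2/WebAuthn) are preferred for high-value accounts.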

Related CAPEC attack patterns

CAPEC-16, CAPEC-49, CAPEC-55, CAPEC-70, CAPEC-509, CAPEC-555, CAPEC-560, CAPEC-561, CAPEC-565, CAPEC-600, CAPEC-644, CAPEC-645, CAPEC-652, CAPEC-653

References

  1. https://cwe.mitre.org/data/definitions/308.html

Exploits (incoming)

Type           Target                                         ID         Confidence  Tier
AttackPattern  Use of Known Kerberos Credentials              CAPEC-652  100%        live
AttackPattern  Windows Admin Shares with Stolen Credentials   CAPEC-561  100%        live
AttackPattern  Password Brute Forcing                         CAPEC-49   100%        live
AttackPattern  Dictionary-based Password Attack               CAPEC-16   100%        live
AttackPattern  Rainbow Table Password Cracking                CAPEC-55   100%        live
AttackPattern  Password Spraying                              CAPEC-565  100%        live
AttackPattern  Try Common or Default Usernames and Passwords  CAPEC-70   100%        live
AttackPattern  Use of Known Domain Credentials                CAPEC-560  100%        live
AttackPattern  Credential Stuffing                            CAPEC-600  100%        live
AttackPattern  Use of Captured Tickets (Pass The Ticket)      CAPEC-645  100%        live
AttackPattern  Use of Captured Hashes (Pass The Hash)         CAPEC-644  100%        live
AttackPattern  Kerberoasting                                  CAPEC-509  100%        live
AttackPattern  Use of Known Operating System Credentials      CAPEC-653  100%        live
AttackPattern  Remote Services with Stolen Credentials        CAPEC-555  100%        live
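Several of the patterns above (CAPEC-49, CAPEC-16, CAPEC-70, CAPEC-565, CAPEC-600) are visible at the login endpoint of a single-factor system as failed-authentication bursts. The following Python, added here as an illustration and not taken from the page or from MITRE, runs two heuristics over constructed log lines in a constructed format: many failures against one account from one source (brute forcing or dictionary attack), and one or two failures each against many accounts from one source (password spraying; credential stuffing looks the same at the endpoint). A subsequent success from a flagged source is the CWE-308 consequence, since the password alone was enough. Window and thresholds are illustrative assumptions.

```python
"""Detection heuristics for the credential attacks CWE-308 exposes a system to.
Added example with a constructed log format and constructed sample lines."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed format: "<ISO-8601 UTC> auth_ok|auth_fail user=<name> src=<ip>"
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) "
    r"auth_(?P<result>ok|fail) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

SAMPLE_LOG = [
    # Constructed: password spray, one guess per account from a single source
    *[f"2025-01-10T08:00:{i:02d}Z auth_fail user=user{i:02d} src=198.51.100.9" for i in range(8)],
    "2025-01-10T08:01:00Z auth_ok user=user05 src=198.51.100.9",
    # Constructed: brute force against one account from another source
    *[f"2025-01-10T08:10:{i * 5:02d}Z auth_fail user=admin src=203.0.113.7" for i in range(9)],
    "2025-01-10T08:11:00Z auth_ok user=admin src=203.0.113.7",
    # Constructed: ordinary user mistyping once
    "2025-01-10T08:20:00Z auth_fail user=alice src=192.0.2.10",
    "2025-01-10T08:20:07Z auth_ok user=alice src=192.0.2.10",
    "garbage line that does not parse",
]


def parse_events(lines):
    """Return (timestamp, result, user, src) tuples in time order; malformed lines are skipped."""
    events = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append((ts, m["result"], m["user"], m["src"]))
    return sorted(events)


def detect_credential_attacks(lines, window=timedelta(minutes=10),
                              brute_threshold=8, spray_min_users=5, spray_max_per_user=2):
    """Return a list of findings: {"kind", "src", "user"} dicts."""
    events = parse_events(lines)
    fails_by_src = defaultdict(list)
    for ts, result, user, src in events:
        if result == "fail":
            fails_by_src[src].append((ts, user))

    findings, flagged = [], {}
    for src, fails in fails_by_src.items():
        kinds = set()
        # Slide a window over this source's failures (already in time order).
        for i, (start, _) in enumerate(fails):
            per_user = Counter(u for t, u in fails[i:] if t - start <= window)
            if per_user and max(per_user.values()) >= brute_threshold:
                kinds.add("brute_force")          # CAPEC-49 / CAPEC-16 / CAPEC-70
            if len(per_user) >= spray_min_users and max(per_user.values()) <= spray_max_per_user:
                kinds.add("password_spraying")    # CAPEC-565; CAPEC-600 presents the same way
        for kind in sorted(kinds):
            findings.append({"kind": kind, "src": src, "user": None})
        flagged[src] = kinds

    # A success from a source already seen attacking: the single factor was enough.
    for ts, result, user, src in events:
        if result == "ok" and flagged.get(src):
            findings.append({"kind": "success_after_attack", "src": src, "user": user})
    return findings


if __name__ == "__main__":
    for f in detect_credential_attacks(SAMPLE_LOG):
        print(f)
```

On the constructed sample this reports spraying from 198.51.100.9, brute forcing from 203.0.113.7, and the two successful logins that followed from those sources; alice's single typo is not flagged. A real deployment would key on the authenticated identity and the source's ASN or device fingerprint as well as the raw IP, since sprays are routinely spread across many source addresses.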

(incoming)

Type           Target          ID              Confidence  Tier
Vulnerability  CVE-2025-42959  cve-2025-42959  0%          live
Vulnerability  CVE-2025-64103  cve-2025-64103  0%          live

Related by meaning

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Weak Authentication
  • CWE: Insufficiently Protected Credentials
  • CWE: Use of Weak Credentials
  • CWE: Inadequate Encryption Strength
  • CWE: Use of Hard-coded Password
  • CWE: Use of Password Hash With Insufficient Computational Effort

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.