CWE-308
Use of Single-factor Authentication
BaseDraftLikelihood: High
Description
The product uses an authentication algorithm that uses a single factor (e.g., a password) in a security context that should require more than one factor.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-16 · CAPEC-49 · CAPEC-509 · CAPEC-55 · CAPEC-555 · CAPEC-560 · CAPEC-561 · CAPEC-565 · CAPEC-600 · CAPEC-644 · CAPEC-645 · CAPEC-652 · CAPEC-653 · CAPEC-70
CVEs mapped to this weakness (1)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-42959 | Hig | 0.53 | 8.1 | 0.00 | Jul 8, 2025 | An unauthenticated attacker may exploit a scenario where a Hashed Message Authentication Code (HMAC) credential, extracted from a system missing specific security patches, is reused in a replay attack against a different system. Even if the target system is fully patched, successful exploitation could result in complete system compromise, affecting confidentiality, integrity, and availability. |