logo

Reliance on a Single Factor in a Security Decision

Draft Base
Structure: Simple
Description

This vulnerability occurs when a system's security check depends almost entirely on just one condition, object, or piece of data to decide whether to grant access to sensitive resources or actions. It's like having a single, easily compromised lock on a vault, instead of a layered defense.

Extended Description

In modern applications, security decisions—like logging in a user, approving a transaction, or accessing admin functions—should be based on multiple, independent factors. Relying on just one factor, such as a single cookie, a hidden form field, or a geolocation check, creates a fragile security model. An attacker only needs to bypass or forge that one element to break the entire protection scheme, leading to unauthorized access, data breaches, or privilege escalation. To prevent this, developers should implement defense-in-depth by combining multiple verification factors. This includes using standard, well-tested authentication mechanisms, enforcing proper session management, and adding contextual checks like multi-factor authentication (MFA), rate limiting, or behavioral analysis. The goal is to ensure that if one security layer fails, others remain in place to stop an attack, making the system resilient against single points of failure.
Common Consequences 2
Scope: Access Control

Impact: Gain Privileges or Assume Identity

If the single factor is compromised (e.g. by theft or spoofing), then the integrity of the entire security mechanism can be violated with respect to the user that is identified by that factor.

Scope: Non-Repudiation

Impact: Hide Activities

It can become difficult or impossible for the product to be able to distinguish between legitimate activities by the entity who provided the factor, versus illegitimate activities by an attacker.
Potential Mitigations 2
Phase: Architecture and Design
Use multiple simultaneous checks before granting access to critical operations or granting critical privileges. A weaker but helpful mitigation is to use several successive checks (multiple layers of security).
Phase: Architecture and Design
Use redundant access rules on different choke points (e.g., firewalls).
Demonstrative Examples 2
Password-only authentication is perhaps the most well-known example of use of a single factor. Anybody who knows a user's password can impersonate that user.
When authenticating, use multiple factors, such as "something you know" (such as a password) and "something you have" (such as a hardware-based one-time password generator, or a biometric device).
Observed Examples 1
CVE-2022-35248Chat application skips validation when Central Authentication Service (CAS) is enabled, effectively removing the second factor from two-factor authentication
References 2
The Protection of Information in Computer Systems
Jerome H. Saltzer and Michael D. Schroeder
Proceedings of the IEEE 63
09-1975
http://web.mit.edu/Saltzer/www/publications/protection/
ID: REF-196
Separation of Privilege
Sean Barnum and Michael Gegick
06-12-2005
https://web.archive.org/web/20220126060047/https://www.cisa.gov/uscert/bsi/articles/knowledge/principles/separation-of-privilege(2023-04-07)
ID: REF-535
Applicable Platforms
Languages:
Not Language-Specific : Undetermined
Modes of Introduction
Architecture and Design
Implementation
Operation
Related Attack Patterns
Alternate Terms

Separation of Privilege

Some people and publications use the term "Separation of Privilege" to describe this weakness, but this term has dual meanings in current usage. While this entry is closely associated with the original definition of "Separation of Privilege" by Saltzer and Schroeder, others use the same term to describe poor compartmentalization (Improper Isolation or Compartmentalization). Because there are multiple interpretations, use of the "Separation of Privilege" term is discouraged.
Related Weaknesses
ChildOf: Violation of Secure Design Principles (CWE-657)
ChildOf: Protection Mechanism Failure (CWE-693)
Taxonomy Mapping
  • ISA/IEC 62443
  • ISA/IEC 62443
  • ISA/IEC 62443
Notes
MaintenanceThis entry is closely associated with the term "Separation of Privilege." This term is used in several different ways in the industry, but they generally combine two closely related principles: compartmentalization (Improper Isolation or Compartmentalization) and using only one factor in a security decision (this entry). Proper compartmentalization implicitly introduces multiple factors into a security decision, but there can be cases in which multiple factors are required for authentication or other mechanisms that do not involve compartmentalization, such as performing all required checks on a submitted certificate. It is likely that Improper Isolation or Compartmentalization and Reliance on a Single Factor in a Security Decision will provoke further discussion.