CWE-654: Reliance on a Single Factor in a Security Decision
Weakness ID: 654 (Weakness Base)
Status: Draft
Description
Description Summary
A protection mechanism relies exclusively, or to a large extent, on the evaluation of a single condition or the integrity of a single object or entity in order to make a decision about granting access to restricted resources or functionality.
Alternate Terms
Separation of Privilege:
Some people and publications use the term "Separation of Privilege" to describe this weakness, but this term has dual meanings in current usage. While this node is closely associated with the original definition of "Separation of Privilege" by Saltzer and Schroeder, others use the same term to describe poor compartmentalization (CWE-653). Because there are multiple interpretations, use of the "Separation of Privilege" term is discouraged.
Time of Introduction
Architecture and Design
Implementation
Operation
Applicable Platforms
Languages
All
Common Consequences
Scope: Access Control
Effect: Technical Impact: Gain privileges / assume identity
If the single factor is compromised (e.g. by theft or spoofing), then the integrity of the entire security mechanism can be violated with respect to the user that is identified by that factor.
Scope: Non-Repudiation
Effect: Technical Impact: Hide activities
It can become difficult or impossible for the product to be able to distinguish between legitimate activities by the entity who provided the factor, versus illegitimate activities by an attacker.
Demonstrative Examples
Example 1
Password-only authentication is perhaps the most well-known example
of use of a single factor. Anybody who knows a user's password can
impersonate that user.
Example 2
When authenticating, use multiple factors, such as "something you
know" (such as a password) and "something you have" (such as a
hardware-based one-time password generator, or a biometric
device).
Potential Mitigations
Use multiple simultaneous checks before granting access to critical
operations or granting critical privileges. A weaker but helpful
mitigation is to use several successive checks (multiple layers of
security).
Use redundant access rules on different choke points (e.g.,
firewalls).
Weakness Ordinalities
Ordinality: Primary (where the weakness exists independent of other weaknesses)
Relationship Notes
This node is closely associated with the term "Separation of Privilege." This term is used in several different ways in the industry, but they generally combine two closely related principles: compartmentalization (CWE-653) and using only one factor in a security decision (this node). Proper compartmentalization implicitly introduces multiple factors into a security decision, but there can be cases in which multiple factors are required for authentication or other mechanisms that do not involve compartmentalization, such as performing all required checks on a submitted certificate. It is likely that CWE-653 and CWE-654 will provoke further discussion.