CWE-308: Use of Single-factor Authentication
The product uses an authentication algorithm that uses a single factor (e.g., a password) in a security context that should require more than one factor.
Last updated
Overview
CWE-308 (Use of Single-factor Authentication) is a base-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Real-world CVEs
11 recorded CVEs are caused by CWE-308 (Use of Single-factor Authentication). The highest-severity and most recent are shown first. 5 new CWE-308 CVEs have been recorded so far in 2026 (1 in 2025).
- CVE-2023-49075High · CVSS 8.5 · EPSS 70th2023-11-28
- CVE-2026-45749
Termix's TOTP two-factor authentication can be disabled or bypassed using only the account password
High · CVSS 8.1 · EPSS 25th2026-06-05 - CVE-2025-42959
Missing Authentication check after implementation of SAP Security Note 3007182 and 3537476
High · CVSS 8.1 · EPSS 39th2025-07-08