CWE-654: Reliance on a Single Factor in a Security Decision
Also known as: Separation of Privilege
A protection mechanism relies exclusively, or to a large extent, on the evaluation of a single condition or the integrity of a single object or entity in order to make a decision about granting access to restricted resources or functionality.
Last updated
Overview
CWE-654 (Reliance on a Single Factor in a Security Decision) is a base-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Common consequences
What can happen when CWE-654 is exploited.
Gain Privileges or Assume Identity
Affects: Access Control
If the single factor is compromised (e.g. by theft or spoofing), then the integrity of the entire security mechanism can be violated with respect to the user that is identified by that factor.
Hide Activities
Affects: Non-Repudiation
It can become difficult or impossible for the product to be able to distinguish between legitimate activities by the entity who provided the factor, versus illegitimate activities by an attacker.
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.