CWE-654 1 CVEs MITRE definition ↗

CWE-654: Reliance on a Single Factor in a Security Decision

Overview

CWE-654 (Reliance on a Single Factor in a Security Decision) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.

Security impact
Security impact: Depends on product and context; use CVE records, severity scores, and MITRE guidance to prioritize.

Description

A protection mechanism relies exclusively, or to a large extent, on the evaluation of a single condition or the integrity of a single object or entity in order to make a decision about granting access to restricted resources or functionality.

Applicable platforms

Kind Name Class Prevalence OS / CPE
language Not Language-Specific Undetermined

Related CVEs in this database

These CVEs are mapped to this weakness in this database and kept for traceability and search.

CVE Published Summary
CVE-2024-24771 2024-02-07 Open Forms allows users create and publish smart forms. Versions prior to 2.2.9, 2.3.7, 2.4.5, and 2.5.2 contain a non-exploitable multi-factor authentication weakness. Superusers who have their crede…

Previous names

  • Design Principle Violation: Reliance on a Single Factor in a Security Decision (2009-01-12)

Content submission

Name
Pascal Meunier
Organization
Purdue University
Date
2008-01-18
Version
Draft 8

Content modifications

Date Name Version Importance Comment
2008-07-01 Eric Dalci 1.0 updated Time_of_Introduction
2008-09-08 CWE Content Team 1.0 updated Alternate_Terms, Common_Consequences, Relationships, Other_Notes, Weakness_Ordinalities
2009-01-12 CWE Content Team 1.2 updated Description, Name
2009-05-27 CWE Content Team 1.4 updated Relationships
2010-04-05 CWE Content Team 1.8.1 updated Related_Attack_Patterns
2011-06-01 CWE Content Team 1.13 updated Common_Consequences, Maintenance_Notes, Other_Notes
2012-05-11 CWE Content Team 2.2 updated Relationships
2012-10-30 CWE Content Team 2.3 updated Potential_Mitigations
2013-02-21 CWE Content Team 2.4 updated Potential_Mitigations
2014-07-30 CWE Content Team 2.8 updated Relationships
2017-11-08 CWE Content Team 3.0 updated Applicable_Platforms, Causal_Nature
2020-02-24 CWE Content Team 4.0 updated Relationships
2020-08-20 CWE Content Team 4.2 updated Related_Attack_Patterns
2020-12-10 CWE Content Team 4.3 updated Relationships
2021-03-15 CWE Content Team 4.4 updated Alternate_Terms, Maintenance_Notes
2022-10-13 CWE Content Team 4.9 updated References
2023-04-27 CWE Content Team 4.11 updated References, Relationships, Taxonomy_Mappings
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2023-10-26 CWE Content Team 4.13 updated Observed_Examples

Contributions

Type Name Date Comment
Content "Mapping CWE to 62443" Sub-Working Group 2023-04-25 Suggested mappings to ISA/IEC 62443.
cvelogic Threat Intelligence