CWE-308 · Use of Single-factor Authentication
9 CVEs classified under CWE-308 (Use of Single-factor Authentication). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-49075 | High | 8.5 | 2023-11-28 | The Admin Classic Bundle provides a Backend UI for Pimcore. `AdminBundle\Security\PimcoreUserTwoFactorCondition` introduced in v11 disable the two factor authe… |
| CVE-2026-45749 | High | 8.1 | 2026-06-05 | Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The `POST /users/totp/disable` and `POST /users/t… |
| CVE-2025-42959 | High | 8.1 | 2025-07-08 | An unauthenticated attacker may exploit a scenario where a Hashed Message Authentication Code (HMAC) credential, extracted from a system missing specific secur… |
| CVE-2023-25681 | Medium | 5.3 | 2024-03-05 | LDAP users on IBM Spectrum Virtualize 8.5 which are configured to require multifactor authentication can still authenticate to the CIM interface using only use… |
| CVE-2023-50934 | Medium | 5.3 | 2024-02-02 | IBM PowerSC 1.3, 2.0, and 2.1 uses single-factor authentication which can lead to unnecessary risk of compromise when compared with the benefits of a dual-fact… |
| CVE-2023-34228 | Medium | 5.3 | 2023-05-31 | In JetBrains TeamCity before 2023.05 authentication checks were missing – 2FA was not checked for some sensitive account actions |
| CVE-2026-33550 | Low | 2.0 | 2026-03-22 | SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and has a too short length (only 12 digits instead of the 20 recommended). |
| CVE-2025-64103 | | | 2025-10-29 | Starting from 2.53.6, 2.54.3, and 2.55.0, Zitadel only required multi factor authentication in case the login policy has either enabled requireMFA or requireMF… |
| CVE-2024-47652 | | | 2024-10-04 | This vulnerability exists in Shilpi Client Dashboard due to implementation of inadequate authentication mechanism in the login module wherein access to any use… |