The product uses an authentication algorithm that uses a single factor (e.g., a password) in a security context that should require more than one factor.
Scope: Access Control / Impact: Bypass Protection Mechanism
対策・緩和策
Use multiple independent authentication schemes, which ensures that -- if one of the methods is compromised -- the system itself is still likely safe from compromise. For this reason, if multiple schemes are possible, they should be implemented and required -- especially if they are easy to use.