AWS Root Without MFA
Description
Detects when an AWS root account is not protected by Multi-Factor Authentication (MFA). The root account has unlimited privileges across all AWS services and resources, making it a critical security risk if compromised. Enabling MFA is an essential security control to prevent unauthorized access.
Detection Strategy
• Checks the AWS IAM account summary to verify whether MFA is enabled for the root account
• Reports a vulnerability when the AccountMFAEnabled flag is set to 0 or is missing from the summary
• The reported vulnerability includes the root account ARN and the current value of the MFA enabled status
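The strategy above, written out as an added example (not Fluid Attacks' own checker code). It assumes boto3 is installed and that the calling credentials hold iam:GetAccountSummary and sts:GetCallerIdentity; the sample SummaryMap values and the account ID are constructed so the check can be exercised offline.

```python
"""Check whether the AWS root account is protected by MFA (added example)."""
from typing import Optional

ROOT_ARN_TEMPLATE = "arn:aws:iam::{account_id}:root"


def check_root_mfa(summary_map: dict, account_id: str) -> Optional[dict]:
    """Return a finding when root MFA is disabled or unreported, else None.

    `summary_map` is the SummaryMap returned by IAM GetAccountSummary.
    AccountMFAEnabled is 1 when a root MFA device is active and 0 when not;
    an absent key is treated as "not enabled", matching the strategy above.
    """
    mfa_enabled = summary_map.get("AccountMFAEnabled")
    if mfa_enabled == 1:
        return None
    return {
        "arn": ROOT_ARN_TEMPLATE.format(account_id=account_id),
        "account_mfa_enabled": mfa_enabled,  # 0, or None when the flag is missing
        "finding": "AWS root account is not protected by MFA",
    }


def run_live_check() -> Optional[dict]:
    """Run the check against the caller's own account (assumes boto3 is installed)."""
    import boto3  # imported here so the module still loads without boto3

    account_id = boto3.client("sts").get_caller_identity()["Account"]
    summary = boto3.client("iam").get_account_summary()["SummaryMap"]
    return check_root_mfa(summary, account_id)


# Constructed sample SummaryMap values and account ID (not real account data).
SAMPLE_ACCOUNT_ID = "123456789012"
SAMPLE_MFA_OFF = {"AccountMFAEnabled": 0, "Users": 3}
SAMPLE_MFA_ON = {"AccountMFAEnabled": 1, "Users": 3}
SAMPLE_MISSING = {"Users": 3}

if __name__ == "__main__":
    for label, summary in (("off", SAMPLE_MFA_OFF), ("on", SAMPLE_MFA_ON),
                           ("missing", SAMPLE_MISSING)):
        print(label, check_root_mfa(summary, SAMPLE_ACCOUNT_ID))
```

Run with credentials configured and call `run_live_check()` to evaluate a real account; a returned dict is the finding, `None` means root MFA is on.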