Lack of multi-factor authentication
Description
Critical services of the system, such as databases, shared resources containing sensitive information and web services, are not protected by a multi-factor authentication mechanism. This makes it easier for an attacker who has compromised a user's account to access those resources.
Impact
Multi-factor authentication is flawed to the point where it can be bypassed entirely.
Recommendation
Implement two-factor authentication, in software or hardware, to increase the level of protection on authentication to these resources.
Threat
Authenticated attacker from the Internet.
Expected Remediation Time
⏱️ 15 minutes.