241 – Authentication mechanism absence or evasion - AWS

Description

The system has not been configured with one of the AWS authentication mechanism available or has one that can be bypassed.

Impact

Access among the most critical parts of an information security program.

Recommendation

Set up the operating AWS system authentication mechanisms based and evaluating the business security requirements.

Threat

Unauthorized attacker with probability of bypassing the authentication process.

Expected Remediation Time

60 minutes.

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

• Attack vector: N
• Attack complexity: L
• Attack Requirements: N
• Privileges required: N
• User interaction: N
• Confidentiality (VC): L
• Integrity (VI): L
• Availability (VA): N
• Confidentiality (SC): N
• Integrity (SI): N
• Availability (SA): N

Threat 4.0

• Exploit maturity: X

Requirements

• 227 - Display access notification
• 228 - Authenticate using standard protocols
• 229 - Request access credentials
• 231 - Implement a biometric verification component
• 235 - Define credential interface
• 264 - Request authentication
• 319 - Make authentication options equally secure

Fixes

• Aws

Last updated

2024/02/16