Authentication mechanism absence or evasion - AWS
Description
The system has not been configured with one of the AWS authentication mechanism available or has one that can be bypassed.
Impact
Access among the most critical parts of an information security program.
Recommendation
Set up the operating AWS system authentication mechanisms based and evaluating the business security requirements.
Threat
Unauthorized attacker with probability of bypassing the authentication process.
Expected Remediation Time
⏱️ 60 minutes.
Requirements
227 - Display access notification228 - Authenticate using standard protocols229 - Request access credentials231 - Implement a biometric verification component235 - Define credential interface264 - Request authentication319 - Make authentication options equally secureFixes
Score
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
Attack vector
N
Attack complexity
L
Attack requirements
N
Privileges required
N
User interaction
N
Confidentiality (VC)
L
Integrity (VI)
L
Availability (VA)
N
Confidentiality (SC)
N
Integrity (SI)
N
Availability (SA)
N
Threat 4.0
Exploit maturity
X
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N