H3-2023-0008

AWS Multi-Factor Authentication Disabled


Category	`CREDENTIALS`
Base Score	`9.8`

Description

An AWS account was accessed without any multi-factor authentication enabled.

Impact

This misconfiguration permits remote attackers to conduct credential attacks like password spraying to compromise an account and using it to further compromise an organization.

References

How to Enable Multi-Factor Authentication in AWS