Skip to main content

Lack of multi-factor authentication


Critical services of the system, such as databases, shared resources containing sensitive information and web services, are not protected by a multi-factor authentication mechanism. This makes it easier for an attacker who has compromised a user’s account to access those resources.