Authentication mechanism absence or evasion - AWS
Description
The system has not been configured with one of the AWS authentication mechanism available or has one that can be bypassed.
Impact
Access among the most critical parts of an information security program.
Recommendation
Set up the operating AWS system authentication mechanisms based and evaluating the business security requirements.
Threat
Unauthorized attacker with probability of bypassing the authentication process.
Expected Remediation Time
⌚ 60 minutes.
Score
Default score using CVSS 3.1. It may change depending on the context of the src.
Base
- Attack vector: N
- Attack complexity: L
- Privileges required: N
- User interaction: N
- Scope: U
- Confidentiality: L
- Integrity: L
- Availability: N
Temporal
- Exploit code madurity: X
- Remediation level: X
- Report confidence: X
Result
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:X/RL:X/RC:X
- Score:
- Base: 6.5
- Temporal: 6.5
- Severity:
- Base: Medium
- Temporal: Medium
Requirements
- 227.Display access notification
- 228.Authenticate using standard protocols
- 229.Request access credentials
- 231.Implement a biometric verification component
- 235.Define credential interface
- 264.Request authentication
- 319.Make authentication options equally secure
Fixes
Search for vulnerabilities in your apps for free with our automated security testing! Start your 21-day free trial and discover the benefits of our Continuous Hacking Machine Plan. If you prefer a full service that includes the expertise of our ethical hackers, don't hesitate to contact us for our Continuous Hacking Squad Plan.