IAM misconfigurations

User with Privilege Escalation Permissions without MFA

Platform(s)
Compliance Frameworks

Brazilian General Data Protection (LGPD), CCM-CSA, CCPA, cis_8, CPRA, Data Security Posture Management (DSPM) Best Practices, essential_8_au, essential_8_au_level_1, essential_8_au_level_2, iso_27001_2022, iso_27002_2022, Microsoft Cloud Security Benchmark, Mitre ATT&CK, New Zealand Information Security Manual, NIST 800-171, NIST 800-53, PDPA, pipeda, UK Cyber Essentials

Description

User has roles which allows Privilege escalation, while the user does not have multi-factor authentication activated. If the user will be compromised, the entire account can be compromised