User in use with disabled MFA

Risk Level

Hazardous (3)

Compliance Frameworks


Multi-Factor Authentication (MFA) adds another mechanism of authentication on top of a username and password. It makes it harder for an attacker to gain access to protected resources. Therefore, MFA should be enabled for all users that have console logon password enabled. We have found that the user {AliCloudUser} (ID: {AliCloudUser.UserId}) does not have MFA enabled.