
iam-user-013
Last Updated: April 21, 2022
An Identity and Access Management (IAM) user has been granted privileges to deactivate and reset multi-factor authentication (MFA). A malicious actor could use these elevated privileges to deactivate and reset a user’s MFA device, removing a protection built around sensitive and privileged IAM permissions. Permission to deactivate and reset MFA should be limited to an administrative IAM user. Update any other IAM user permissions to remove this privilege.
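One way to audit for this finding, as an added example and not the platform's own rule logic: the function below evaluates the identity policies attached to a user and reports which MFA-changing actions they allow. It assumes AWS IAM policy JSON and assumes that "deactivate and reset" corresponds to the three `iam:` actions listed; the sample policies are constructed.

```python
import fnmatch

# Assumption: the AWS IAM actions that deactivate or reset an MFA device.
MFA_ACTIONS = ("iam:DeactivateMFADevice", "iam:DeleteVirtualMFADevice",
               "iam:ResyncMFADevice")

def _as_list(value):
    # IAM allows a single object/string wherever a list is accepted.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _covers(stmt, action):
    # Action names are case-insensitive and may contain * and ? wildcards.
    def hit(patterns):
        return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)
    if "NotAction" in stmt:  # applies to everything except the listed actions
        return not hit(_as_list(stmt["NotAction"]))
    return hit(_as_list(stmt.get("Action")))

def mfa_actions_granted(policies):
    """Return the MFA-changing actions a user's identity policies allow.

    Conservative: Allow statements count regardless of Resource or Condition;
    only an unconditional Deny on Resource "*" is treated as cancelling them.
    """
    stmts = [s for p in policies for s in _as_list(p.get("Statement"))]
    granted = []
    for action in MFA_ACTIONS:
        allowed = any(s.get("Effect") == "Allow" and _covers(s, action) for s in stmts)
        denied = any(s.get("Effect") == "Deny" and "Condition" not in s
                     and _as_list(s.get("Resource")) == ["*"]
                     and _covers(s, action) for s in stmts)
        if allowed and not denied:
            granted.append(action)
    return granted

# Constructed sample policies (not taken from any real account).
HELPDESK = {"Statement": [{"Effect": "Allow", "Resource": "*",
                           "Action": ["iam:List*", "iam:Deactivate*"]}]}
POWERUSER = {"Statement": {"Effect": "Allow", "NotAction": "s3:*", "Resource": "*"}}
READONLY = {"Statement": [{"Effect": "Allow", "Action": "iam:Get*", "Resource": "*"}]}
GUARDRAIL = {"Statement": [{"Effect": "Deny", "Action": "iam:*MFADevice",
                            "Resource": "*"}]}

if __name__ == "__main__":
    for name, attached in [("helpdesk", [HELPDESK]), ("poweruser", [POWERUSER]),
                           ("poweruser+guardrail", [POWERUSER, GUARDRAIL])]:
        print(name, mfa_actions_granted(attached))
```

Wildcard and `NotAction` grants are the cases a plain string search for the action name misses, which is why the check expands patterns instead of matching literals.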