IAM User or Group has MFA Permissions Privileges

Tenacity Id

Risk Level

Categories

iam-user-013

3

Last Updated:

April 21, 2022

An Identity Access and Management (IAM) user has been granted privileges to deactivate and reset multi-factor authentication (MFA). A malicious actor could use these elevated privileges to deactivate and reset a user’s MFA device, removing a protection built around sensitive and privileged IAM permissions. Permission to deactive and reset MFA should be limited to an admininstrative IAM user. Update any other IAM user permissions to remove this privilege.