cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1303
Views
0
Helpful
0
Replies

New Blog Post: Potential Gaps in Suggested Amazon Web Services’ Security Policies for MFA

Dooley
Level 3
Level 3

During a recent review of current guidance from Amazon Web Services (AWS) for enforcing multi-factor authentication, Duo’s Production Engineering team noticed some documentation gaps with AWS’s suggested policies. They found that an attacker could potentially circumvent the need for an MFA device if they compromised a user’s access keys. Duo coordinated with AWS’s security team to disclose the gaps found in an AWS tutorial on enabling users to configure their own credentials and MFA settings.

Check out the blog post, written by AWS Security Consultant Scott Piper,
for a more detailed account of the three gaps they found, an overview of mitigation techniques and our conclusions here: https://duo.com/blog/potential-gaps-in-suggested-amazon-web-services-security-policies-for-mfa

0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links