Insufficient Authentication Controls

Overview

Insufficient Authentication Controls usually ties into not having MFA enforced. If there is no MFA or a way to bypass it the severity rating is High at a minimum.

If you're not getting access anywhere with your pentest and can't tell if they're using MFA, you can ask the client if they have it enforced or not so you can include it on your report if they don't have it in writing from them.

Example 1

Example 2

PreviousCommon Pentest Findings NextWeak Password Policy

Last updated 10 months ago

Was this helpful?