MFA disabled for GitHub organization or enterprise
Description
AlphaSOC detected that multi-factor authentication (MFA) was disabled for a GitHub organization or enterprise. MFA serves as a critical security control by requiring users to provide two forms of authentication before accessing GitHub resources.
Impact
Disabling MFA increases the risk of unauthorized access through compromised credentials. Threat actors can leverage stolen passwords to access source code, intellectual property, and sensitive configurations. This access enables adversaries to modify code, insert malware, or steal secrets stored in repositories.
Severity
| Severity | Condition |
|---|---|
| Low | MFA disabled for GitHub organization or enterprise |
Investigation and Remediation
Review GitHub audit logs to identify who disabled MFA and when. Re-enable MFA immediately for the organization. Enforce MFA for all users and administrative accounts. Review repository access logs for suspicious activity. Rotate any exposed secrets or credentials. Review GitHub security settings and access controls.
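The audit log review described above can be scripted against a JSON export. The following is an added example, not AlphaSOC or GitHub code: it finds each event that disabled the two-factor requirement, pairs it with the next re-enable event for the same organization or enterprise, and lists the activity logged in between. It assumes the export is one JSON object per line with the `@timestamp`, `action`, `actor`, `org` and `business` fields; all sample events are constructed.

```python
import json
from datetime import datetime, timezone

# GitHub audit log actions for the two-factor requirement:
# "org." covers organizations, "business." covers enterprises.
DISABLE = {"org.disable_two_factor_requirement",
           "business.disable_two_factor_requirement"}
ENABLE = {"org.enable_two_factor_requirement",
          "business.enable_two_factor_requirement"}

# Constructed sample events (assumed export shape: one JSON object per line).
SAMPLE_LOG = """\
{"@timestamp": 1717236000000, "action": "repo.create", "actor": "dev-one", "org": "example-org"}
{"@timestamp": 1717239600000, "action": "org.disable_two_factor_requirement", "actor": "admin-two", "org": "example-org"}
{"@timestamp": 1717241400000, "action": "git.clone", "actor": "dev-three", "org": "example-org"}
{"@timestamp": 1717246800000, "action": "org.enable_two_factor_requirement", "actor": "admin-four", "org": "example-org"}
{"@timestamp": 1717250400000, "action": "business.disable_two_factor_requirement", "actor": "owner-five", "business": "example-ent"}
"""

def _iso(ms):
    # Audit log timestamps are milliseconds since the Unix epoch (UTC).
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc).isoformat()

def mfa_exposure_windows(lines):
    """Return one record per period during which the 2FA requirement was off."""
    events = sorted((json.loads(l) for l in lines if l.strip()),
                    key=lambda e: e["@timestamp"])
    open_by_scope, windows = {}, []
    for ev in events:
        scope = ev.get("org") or ev.get("business")
        action, when = ev["action"], _iso(ev["@timestamp"])
        if action in DISABLE:
            if scope not in open_by_scope:  # ignore repeats while already off
                w = {"scope": scope, "disabled_by": ev["actor"],
                     "disabled_at": when, "enabled_by": None,
                     "enabled_at": None, "activity_during": []}
                open_by_scope[scope] = w
                windows.append(w)
        elif action in ENABLE:
            w = open_by_scope.pop(scope, None)
            if w is not None:
                w["enabled_by"], w["enabled_at"] = ev["actor"], when
        elif scope in open_by_scope:  # activity logged while 2FA was not required
            open_by_scope[scope]["activity_during"].append((ev["actor"], action))
    return windows

if __name__ == "__main__":
    for w in mfa_exposure_windows(SAMPLE_LOG.splitlines()):
        print(json.dumps(w, indent=2))
```

A window whose `enabled_at` is still `None` means the requirement has not been re-enabled in the exported period, and its `activity_during` list is the starting point for the access review.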