
GitHub SSH certificate requirement disabled

ID: github_ssh_certificate_requirement_disabled
Data type: GitHub
Severity: Low
MITRE ATT&CK: TA0005 (Defense Evasion): T1562 (Impair Defenses)

Description

AlphaSOC detected that the SSH certificate requirement was disabled for a GitHub organization. While the requirement is on, members must authenticate to the organization's repositories over SSH with a certificate issued by one of the organization's registered SSH certificate authorities; a personal SSH key on its own is not accepted. Disabling the requirement makes any SSH key registered on a member's account sufficient again. Threat actors who have obtained an organization owner's session or credentials may turn this setting off so that a stolen long-lived SSH key, which the certificate requirement would otherwise reject, can be used to reach repositories.

Impact

Disabling the SSH certificate requirement removes a control that ties SSH access to short-lived, CA-issued certificates bound to an identity. Once it is off, an adversary holding a stolen or leaked SSH key for a member account can clone and push to organization repositories over SSH with no further check, which can lead to source code and secret exfiltration, unauthorized or malicious code changes, intellectual property theft, or other abuse. The change also affects every repository in the organization at once, not a single project.

Severity

Severity | Condition
Low      | GitHub SSH certificate requirement disabled

Investigation and Remediation

Review the organization's audit log for the SSH certificate requirement change event to identify the actor, their source IP, and the time of the change, and confirm with that person or through your change records that it was authorized. If it was not, re-enable the SSH certificate requirement, and note that this immediately blocks members who do not hold a valid certificate from the organization's CA, so coordinate with the team that issues them. Then review the organization's registered SSH certificate authorities for entries you do not recognize, review the SSH keys on the accounts of members who accessed organization repositories while the requirement was off, and check other organization security settings and recent owner activity for further signs of compromise. Treat the interval between the disable event and the re-enable event as the window during which plain SSH keys were accepted, and scope any repository review to it.
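The triage above can be run over the audit log rather than by hand. The following is an added example, not AlphaSOC's or GitHub's code. It assumes the organization audit-log event names org.disable_ssh_certificate_requirement and org.enable_ssh_certificate_requirement and the event shape returned by the organization audit-log REST endpoint (fields @timestamp in milliseconds, action, actor, org, actor_ip); the sample events, the organization name and the AUTHORIZED_ACTORS allowlist are constructed for illustration. It reports every disable event, whether the actor was expected to make that change, and how long the organization accepted plain SSH keys before the requirement was turned back on.

```python
"""Triage GitHub audit-log events for SSH certificate requirement changes.

Added example, not part of the AlphaSOC detection or GitHub's tooling.
Assumed event names and field layout are noted inline.
"""
from datetime import datetime, timezone

DISABLE_ACTION = "org.disable_ssh_certificate_requirement"  # assumed audit-log action name
ENABLE_ACTION = "org.enable_ssh_certificate_requirement"    # assumed audit-log action name

# Constructed sample events, shaped like the REST audit-log API output
# (ms epoch in "@timestamp"). Not real log data.
SAMPLE_EVENTS = [
    {"@timestamp": 1718000000000, "action": "org.update_member",
     "actor": "alice", "org": "example-org", "actor_ip": "198.51.100.2"},
    {"@timestamp": 1718003600000, "action": DISABLE_ACTION,
     "actor": "mallory", "org": "example-org", "actor_ip": "203.0.113.7"},
    {"@timestamp": 1718007200000, "action": "repo.create",
     "actor": "bob", "org": "example-org", "actor_ip": "198.51.100.9"},
    {"@timestamp": 1718010800000, "action": ENABLE_ACTION,
     "actor": "alice", "org": "example-org", "actor_ip": "198.51.100.2"},
    {"@timestamp": 1718014400000, "action": DISABLE_ACTION,
     "actor": "alice", "org": "example-org", "actor_ip": "198.51.100.2"},
]

# Hypothetical allowlist of owners expected to change this setting.
AUTHORIZED_ACTORS = {"alice"}


def _to_iso(ms):
    """Render a millisecond epoch timestamp as ISO 8601 UTC."""
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc).isoformat()


def requirement_changes(events, org):
    """Return the enable/disable events for `org`, oldest first."""
    changes = [e for e in events
               if e.get("org") == org
               and e.get("action") in (DISABLE_ACTION, ENABLE_ACTION)]
    return sorted(changes, key=lambda e: e["@timestamp"])


def triage(events, org, authorized_actors):
    """One finding per disable event: who, when, whether the actor was
    expected, and how many seconds passed before the next enable event
    (None if the requirement was never re-enabled in the log window)."""
    changes = requirement_changes(events, org)
    findings = []
    for i, ev in enumerate(changes):
        if ev["action"] != DISABLE_ACTION:
            continue
        re_enabled_after_s = None
        for later in changes[i + 1:]:
            if later["action"] == ENABLE_ACTION:
                re_enabled_after_s = (later["@timestamp"] - ev["@timestamp"]) // 1000
                break
        findings.append({
            "actor": ev["actor"],
            "actor_ip": ev.get("actor_ip"),
            "disabled_at": _to_iso(ev["@timestamp"]),
            "authorized": ev["actor"] in authorized_actors,
            "re_enabled_after_s": re_enabled_after_s,
        })
    return findings


def current_state(events, org):
    """'enabled', 'disabled', or 'unknown' when no change event is in the window."""
    changes = requirement_changes(events, org)
    if not changes:
        return "unknown"
    return "disabled" if changes[-1]["action"] == DISABLE_ACTION else "enabled"


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS, "example-org", AUTHORIZED_ACTORS):
        status = "expected" if f["authorized"] else "UNAUTHORIZED"
        if f["re_enabled_after_s"] is None:
            window = "requirement still disabled"
        else:
            window = f"re-enabled after {f['re_enabled_after_s']} s"
        print(f"{f['disabled_at']} {f['actor']} ({f['actor_ip']}): {status}, {window}")
    print("current state:", current_state(SAMPLE_EVENTS, "example-org"))
```

To run this against a real organization, fetch the events with the audit-log REST endpoint (for example `gh api /orgs/ORG/audit-log --paginate -f phrase='action:org.*ssh_certificate_requirement'`, assuming those action names) and pass the decoded list to triage() in place of SAMPLE_EVENTS. A finding with authorized False, or a re_enabled_after_s of None, is the case the alert is about; the reported window bounds the repository access review.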