Configuration Management / Privileged users NOT marked as 'sensitive and not allowed for delegation'
Description
This vulnerability pertains to privileged user accounts that are not appropriately marked as 'sensitive and not allowed for delegation' within an organization's authentication and authorization systems. Privileged users typically have elevated access privileges, granting them extensive control over critical systems, sensitive data, and network infrastructure. Failure to designate these accounts as 'sensitive and not allowed for delegation' may expose the organization to increased security risks.
Risk
The primary risk associated with this vulnerability lies in the potential compromise of privileged user accounts. Without proper restrictions, malicious actors could exploit these accounts to gain unauthorized access to sensitive information, manipulate critical systems, and escalate their privileges within the network. This could lead to unauthorized data access, service disruptions, and even the compromise of the entire infrastructure. Additionally, the lack of proper delegation controls might allow attackers to move laterally within the network, increasing the scope and impact of a potential security incident.
Solution
Ensure that all privileged user accounts are appropriately marked as 'sensitive and not allowed for delegation'.
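One way to carry out this check and apply the flag is shown below. It is an added example, not part of the original page, and it assumes an Active Directory domain, the RSAT ActiveDirectory PowerShell module, and the default built-in privileged group names. The `-Remediate` switch and the `InProtectedUsers` column are names chosen for this example.

```powershell
# Added example (not from the original page). Assumes Active Directory, the RSAT
# ActiveDirectory module, and default built-in group names.
param(
    [string[]]$PrivilegedGroups = @('Domain Admins', 'Enterprise Admins',
                                    'Schema Admins', 'Administrators'),
    [switch]$Remediate   # without this switch the script only reports
)

Import-Module ActiveDirectory -ErrorAction Stop

# Recursive lookup so users nested through other groups are included.
$members = foreach ($group in $PrivilegedGroups) {
    try {
        Get-ADGroupMember -Identity $group -Recursive -ErrorAction Stop |
            Where-Object { $_.objectClass -eq 'user' }
    } catch {
        # Enterprise Admins and Schema Admins exist only in the forest root domain.
        Write-Warning "Skipping group '$group': $($_.Exception.Message)"
    }
}

# Keep each user once, then select those without the delegation-protection flag.
$unprotected = $members |
    Sort-Object -Property distinguishedName -Unique |
    ForEach-Object {
        Get-ADUser -Identity $_.distinguishedName -Properties AccountNotDelegated, MemberOf
    } |
    Where-Object { -not $_.AccountNotDelegated }

# Report. Protected Users membership also blocks delegation, so show it to
# help prioritise accounts that have neither control.
$unprotected | Select-Object SamAccountName, Enabled,
    @{ n = 'InProtectedUsers'; e = { [bool]($_.MemberOf -match '^CN=Protected Users,') } },
    DistinguishedName | Format-Table -AutoSize

if ($Remediate) {
    foreach ($user in $unprotected) {
        # Sets the NOT_DELEGATED bit (0x100000) in userAccountControl.
        Set-ADUser -Identity $user -AccountNotDelegated $true
        Write-Output "Flagged $($user.SamAccountName) as sensitive and not allowed for delegation"
    }
}
```

Run it without `-Remediate` first and review the list: any workflow that relies on Kerberos delegation of one of these accounts stops working once the flag is set.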