Authentication

GKE using Basic Authentication

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks

Description

Basic Authentication allows a user to authenticate to a Kubernetes cluster with a username and static password which is stored in plaintext (without any encryption). Disabling Basic Authentication will prevent attacks like brute force and credential stuffing. It was detected that {GcpGkeCluster} uses basic auth to authenticate requests to the API server.