K8S API server configuration allows anonymous authentication - Complete Cloud Security in Minutes - Orca Security

Authentication

K8S API server configuration allows anonymous authentication

Risk Level

Hazardous (3)

Platform(s)

N/A

Compliance Frameworks

K8s CIS

Description

It was found that the API server '--anonymous-auth' configuration parameter is not set to false. When enabled, requests to the api server can be executed without any authentication.

Recommended Mitigation

It is recommended to use authentication to manage the access to the api server. To disable anonymous authentication the '--anonymous-auth' parameter should be set to false.

See Orca in action

See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.