It was found that the API server '--anonymous-auth' configuration parameter is not set to false. When enabled, requests to the api server can be executed without any authentication.
Recommended Mitigation
It is recommended to use authentication to manage the access to the api server. To disable anonymous authentication the '--anonymous-auth' parameter should be set to false.