Authentication

K8S API server configuration allows anonymous authentication

Risk Level

Hazardous (3)

Platform(s)

  • N/A

Compliance Frameworks

Description

It was found that the API server '--anonymous-auth' configuration parameter is not set to false. When enabled, requests to the api server can be executed without any authentication.

  • Recommended Mitigation

    It is recommended to use authentication to manage the access to the api server. To disable anonymous authentication the '--anonymous-auth' parameter should be set to false.

Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.