Basic authentication uses plaintext credentials for authentication. Currently, the basic authentication credentials last indefinitely, and the password cannot be changed without restarting the API server. It was found that the API server allows basic authentication.
Recommended Mitigation
It is recommended to verify that the '--basic-auth-file' does not exist in the configuration file.