K8s API server configuration allows basic authentication


Basic authentication uses plaintext credentials for authentication. Currently, the basic authentication credentials last indefinitely, and the password cannot be changed without restarting the API server. It was found that the API server allows basic authentication.
  • Recommended Mitigation

    It is recommended to verify that the '--basic-auth-file' does not exist in the configuration file.