K8S API server configuration allows token-based authentication

Authentication

K8S API server configuration allows token-based authentication

Risk Level

Informational (4)

Platform(s)

Compliance Frameworks

CCPA
CPRA
Data Security Posture Management (DSPM) Best Practices
ISO/IEC 27001
K8s CIS
K8s OWASP Top 10
Mitre ATT&CK
NIST 800-171
NIST 800-190
NIST 800-53
PDPA
UK Cyber Essentials

Description

It was found that the API server allows token-based authentication. Those tokens are stored in cleartext in the api server and can't be revoked or rotated without restarting the api server.

Recommended Mitigation

It is recommended to verify that the '--token-auth-file' does not exist in the configuration file.

K8S API server configuration allows token-based authentication

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS