Authentication

K8S API server configuration allows token-based authentication

Risk Level

Informational (4)

Platform(s)
  • N/A

Compliance Frameworks

Description

It was found that the API server allows token-based authentication. These tokens are stored in cleartext on the API server and cannot be revoked or rotated without restarting the API server.
Recommended Mitigation

It is recommended to verify that the '--token-auth-file' argument does not exist in the API server configuration file.
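
One way to automate this check, as an added example that is not part of the original policy text: the script scans a kube-apiserver manifest for an active '--token-auth-file' flag and reports PASS or FAIL. The manifest layout (one flag per YAML list item, as in a kubeadm static pod manifest), the function names and the sample token path are assumptions.

```shell
#!/bin/sh
# Added example. Assumes a kubeadm-style manifest with one flag per YAML list item.

# Print active --token-auth-file list items found in manifest $1.
# Exit status: 0 = flag present (finding), 1 = absent, 2 = manifest unreadable.
token_auth_file_setting() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    # Anchored to the list-item dash, so commented-out lines do not match;
    # the trailing group stops longer flag names from matching by prefix.
    grep -E "^[[:space:]]*-[[:space:]]+[\"']?--token-auth-file([=[:space:]\"']|\$)" "$1"
}

# Report the result for manifest $1. Returns 0 on PASS, 1 on FAIL, 2 on error.
audit_manifest() {
    rc=0
    found=$(token_auth_file_setting "$1" 2>/dev/null) || rc=$?
    case $rc in
        0) echo "FAIL $1: static token file configured: $found"; return 1 ;;
        1) echo "PASS $1: --token-auth-file is not set"; return 0 ;;
        *) echo "ERROR $1: manifest could not be read"; return 2 ;;
    esac
}

# Constructed sample manifests (token path is made up): weak setting and corrected form.
write_samples() {
    cat > "$1/weak.yaml" <<'EOF'
spec:
  containers:
  - command:
    - kube-apiserver
    - --authorization-mode=Node,RBAC
    - --token-auth-file=/etc/kubernetes/tokens.csv
EOF
    cat > "$1/fixed.yaml" <<'EOF'
spec:
  containers:
  - command:
    - kube-apiserver
    - --authorization-mode=Node,RBAC
    # - --token-auth-file=/etc/kubernetes/tokens.csv
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
audit_manifest "$demo_dir/weak.yaml" || true    # prints FAIL
audit_manifest "$demo_dir/fixed.yaml" || true   # prints PASS
rm -rf "$demo_dir"
```

On a real control-plane node, call `audit_manifest` with the path to the API server manifest; after removing the flag, the API server must be restarted for the change to take effect, as the description notes.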