Authentication

K8S API server configuration allows token-based authentication

Risk Level

Informational (4)

Platform(s)
  • N/A

Compliance Frameworks

Description

Basic authentication uses plaintext credentials for authentication. Currently, the basic authentication credentials last indefinitely, and the password cannot be changed without restarting the API server. It was found that the API server allows basic authentication.
  • Recommended Mitigation

    It is recommended to verify that the '--basic-auth-file' does not exist in the configuration file.