K8s etcd is not using client certificate access

Best practices

K8s etcd is not using client certificate access

Risk Level

Informational (4)

Platform(s)

Compliance Frameworks

CCPA
CPRA
ISO/IEC 27001
K8s CIS
K8s OWASP Top 10
Mitre ATT&CK
NIST 800-171
NIST 800-190
NIST 800-53
PDPA
STIG K8s
UK Cyber Essentials

Description

etcd is a highly-available key value store used by Kubernetes deployments for persistent storage of all of its REST API objects. These objects are sensitive in nature and should not be available to unauthenticated clients. You should enable the client authentication via valid certificates to secure the access to the etcd service, Orca has detected that etcd is not configured to accept valid client certificates to allow access.

Recommended Mitigation

It is recommended to edit the etcd pod specification file to include the ""--client-cert-auth"" parameter.

K8s etcd is not using client certificate access

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS