Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Kubernetes API Server must disable basic authentication to protect information in transit.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-242439 | CNTR-K8-002620 | SV-242439r712673_rule | High |
| Description |
|---|
| Kubernetes basic authentication sends and receives request containing username, uid, groups, and other fields over a clear text HTTP communication. Basic authentication does not provide any security mechanisms using encryption standards. PKI certificate-based authentication must be set over a secure channel to ensure confidentiality and integrity. Basic authentication must not be set in the manifest file. |
| STIG | Date |
|---|---|
| Kubernetes Security Technical Implementation Guide | 2021-04-14 |
Details
| Check Text ( C-45714r712671_chk ) |
|---|
| Change to the /etc/kubernetes/manifests/ directory on the Kubernetes Master Node. Run the command: grep -i basic-auth-file * If "basic-auth-file" is set in the Kubernetes API server manifest file, or is not configured this is a finding. |
| Fix Text (F-45672r712672_fix) |
|---|
| Edit the Kubernetes API Server manifest file in the /etc/kubernetes/manifests directory on the Kubernetes Master Node. Remove the setting "--basic-auth-file". |