UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Kubernetes API Server must disable basic authentication to protect information in transit.


Overview

Finding ID Version Rule ID IA Controls Severity
V-245542 CNTR-K8-002620 SV-245542r754891_rule High
Description
Kubernetes basic authentication sends and receives request containing username, uid, groups, and other fields over a clear text HTTP communication. Basic authentication does not provide any security mechanisms using encryption standards. PKI certificate-based authentication must be set over a secure channel to ensure confidentiality and integrity. Basic authentication must not be set in the manifest file.
STIG Date
Kubernetes Security Technical Implementation Guide 2021-11-22

Details

Check Text ( C-48817r754889_chk )
Change to the /etc/kubernetes/manifests/ directory on the Kubernetes Master Node. Run the command:

grep -i basic-auth-file *

If "basic-auth-file" is set in the Kubernetes API server manifest file this is a finding.
Fix Text (F-48772r754890_fix)
Edit the Kubernetes API Server manifest file in the /etc/kubernetes/manifests directory on the Kubernetes Master Node. Remove the setting "--basic-auth-file".