CNTR-K8-002630 - Kubernetes API Server must disable token authentication to protect information in transit.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Kubernetes token authentication uses password known as secrets in a plaintext file. This file contains sensitive information such as token, username and user uid. This token is used by service accounts within pods to authenticate with the API Server. This information is very valuable for attackers with malicious intent if the service account is privileged having access to the token. With this token a threat actor can impersonate the service account gaining access to the Rest API service.

Solution

Edit the Kubernetes API Server manifest file in the /etc/kubernetes/manifests directory on the Kubernetes Master Node. Remove parameter '--token-auth-file'.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Kubernetes_V1R5_STIG.zip

Item Details

References: CAT|II, CCI|CCI-002418, Rule-ID|SV-245543r754894_rule, STIG-ID|CNTR-K8-002630, Vuln-ID|V-245543

Plugin: Unix

Control ID: 7e0e57b77a74aee50bf8ce7996889efd8bb7d2b68587fa685f4e1d4fcceea418