Legacy authentication should not be used
Severity | Exploitability | Providers | Categories |
---|---|---|---|
HIGH | MEDIUM | Google Cloud Provider | PERMISSION |
Description
Legacy authentication such as username/password, and certificate authentication are considered less secure. Rather use OAuth or service accounts to authenticate.
Impact
Potential data exposure | Visible in logs | User interaction required | Privileges required |
---|---|---|---|
True | False | False | False |
Unauthorized access to nodes.
Remediation guidelines
Use another authentication method such as OAuth or service account. Explicitly disable username/password authentication on the master.