
V-245543 Kubernetes API Server must disable token authentication to protect information in transit.

CAT I - High
CNTR-K8-002630

>Control Description

Kubernetes token authentication uses passwords, known as secrets, stored in a plaintext file. This file contains sensitive information such as the token, the username, and the user UID. The token is used by service accounts within pods to authenticate to the API Server. This information is very valuable to an attacker with malicious intent if the service account that has access to the token is privileged. With this token, a threat actor can impersonate the service account and gain access to the REST API service.

>Check Content

Change to the /etc/kubernetes/manifests/ directory on the Kubernetes Control Plane.

$ grep -i token-auth-file *

If "--token-auth-file" is set in the Kubernetes API server manifest file, this is a finding.

>Remediation

Edit the Kubernetes API Server manifest file in the /etc/kubernetes/manifests directory on the Kubernetes Control Plane. Remove the setting "--token-auth-file".
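The check and the remediation above, worked through as an added shell example (not part of the STIG text) against a constructed kube-apiserver static-pod manifest in the layout kubeadm writes under /etc/kubernetes/manifests; the manifest contents, the temporary directory and the function names are assumptions for this demonstration:

```shell
#!/bin/sh
# Added example (not part of the STIG text): reproduce the CNTR-K8-002630
# check and remediation against a constructed kube-apiserver static-pod
# manifest, in the layout kubeadm writes under /etc/kubernetes/manifests.

# Write a constructed manifest that still carries the flag.
make_sample_manifest() {
  cat > "$1/kube-apiserver.yaml" <<'EOF'
apiVersion: v1
kind: Pod
metadata:
  name: kube-apiserver
spec:
  containers:
  - name: kube-apiserver
    command:
    - kube-apiserver
    - --advertise-address=10.0.0.10
    - --token-auth-file=/etc/kubernetes/known_tokens.csv
    - --authorization-mode=Node,RBAC
EOF
}

# Check content: the STIG's case-insensitive grep over every file in the
# manifest directory. Prints "finding" if token-auth-file appears anywhere,
# otherwise "not a finding".
check_token_auth_file() {
  if grep -qi -- 'token-auth-file' "$1"/*; then
    echo "finding"
  else
    echo "not a finding"
  fi
}

# Remediation: remove the --token-auth-file argument from the API server
# manifest. Writing to a temp file and moving it keeps this POSIX sed.
remediate_token_auth_file() {
  f="$1/kube-apiserver.yaml"
  sed '/--token-auth-file/d' "$f" > "$f.tmp" && mv "$f.tmp" "$f"
}

dir="$(mktemp -d)"
make_sample_manifest "$dir"
echo "before: $(check_token_auth_file "$dir")"
remediate_token_auth_file "$dir"
echo "after:  $(check_token_auth_file "$dir")"
rm -rf "$dir"
```

On a real control plane the kubelet restarts the static pod when the manifest changes, and any client still presenting a token from the removed file will no longer authenticate, so move those identities to service account tokens or another supported authenticator first.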

>CCI References

Control Correlation Identifiers (CCIs) map STIG findings to NIST 800-53 controls.

>Cross-Framework Mappings

NIST SP 800-53 r5

via DISA CCI List
