GKE Master API endpoint has basic authentication enabled
Affecting Kubernetes (Container) Engine service in GCP


Severity

high

Frameworks: CIS-Controls, CSA-CCM
  • Snyk ID: SNYK-CC-TF-86
  • Credit: Snyk Research Team

Description

Unmanaged credentials are not covered by a proper lifecycle (rotation, revocation, password policy checks, etc.), which leads to bad security practices. Additionally, basic authentication requires hardcoded credentials, which are leaked in the Terraform raw state as plain text.

How to fix?

Remove the username and password attributes from the master_auth configuration block. This misconfiguration can be ignored for Kubernetes instances >= v1.19, because basic authentication has been deprecated upstream.
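To confirm whether an existing deployment still carries these credentials, the following added example (not Snyk's own code) scans a Terraform raw state for non-empty username or password values in master_auth. It assumes the version 4 state layout and the google_container_cluster resource type; the sample state and the function name find_basic_auth are constructed for illustration.

```python
import json

# Constructed sample of a Terraform raw state (assumed v4 layout), trimmed to
# the fields this check reads. All names and values are made up.
SAMPLE_STATE = json.dumps({
    "version": 4,
    "resources": [
        {"mode": "managed", "type": "google_container_cluster", "name": "legacy",
         "instances": [{"attributes": {
             "name": "legacy-cluster",
             "master_auth": [{"username": "admin",
                              "password": "EXAMPLE-not-a-real-secret"}]}}]},
        {"mode": "managed", "type": "google_container_cluster", "name": "fixed",
         "instances": [{"attributes": {
             "name": "fixed-cluster",
             "master_auth": [{"username": "", "password": ""}]}}]},
        {"mode": "managed", "type": "google_compute_network", "name": "vpc",
         "instances": [{"attributes": {"name": "vpc"}}]},
    ],
})


def find_basic_auth(state_text):
    """Return findings for clusters whose state holds basic-auth credentials.

    Only the presence of a value is reported; the secret itself is never
    copied into the findings.
    """
    findings = []
    for res in json.loads(state_text).get("resources", []):
        if res.get("mode") != "managed" or res.get("type") != "google_container_cluster":
            continue
        address = ".".join(filter(None, [res.get("module"), res["type"], res.get("name")]))
        for inst in res.get("instances", []):
            attrs = inst.get("attributes") or {}
            # master_auth is stored as a list of blocks; it may be missing or null.
            for block in attrs.get("master_auth") or []:
                user, pwd = block.get("username"), block.get("password")
                if user or pwd:
                    findings.append({"address": address,
                                     "cluster": attrs.get("name"),
                                     "username_set": bool(user),
                                     "password_set": bool(pwd)})
    return findings


if __name__ == "__main__":
    for f in find_basic_auth(SAMPLE_STATE):
        print(f"{f['address']} ({f['cluster']}): basic auth credentials in state")
```

A finding means the credential is readable by anyone with access to the state file, so rotate it in addition to removing the attributes from the configuration.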