Azure Local Accounts Enabled
Description
Detects Azure Kubernetes Service (AKS) clusters that still have local authentication accounts enabled. Local accounts are the cluster's built-in, certificate-based credentials (the kubeconfig returned by `az aks get-credentials --admin`); they bypass Azure AD authentication and the centralized access controls built on it, are not tied to a named user, and cannot be revoked per person or audited through Azure AD sign-in logs. Leaving them enabled can lead to unauthorized cluster access and reduced security visibility.
Detection Strategy
• Examines each AKS cluster in the Azure subscription for the 'disable_local_accounts' property (exposed as `--disable-local-accounts` in the Azure CLI and `disableLocalAccounts` in the ARM API)
• Reports a vulnerability if 'disable_local_accounts' is set to false or is not configured at all, since AKS treats an unset value as local accounts enabled
• Flags AKS clusters where local authentication is allowed, recommending Azure AD-based authentication instead; note that AKS only allows local accounts to be disabled on clusters with AKS-managed Azure AD integration enabled, so that integration must be in place first or the remediation will fail
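The check described above, as an added example that is not Fluid Attacks' detector or any Azure SDK code. It runs over plain dicts shaped like the Azure SDK's ManagedCluster model and uses a constructed sample of three clusters so it works offline; the `list_live_clusters` helper at the bottom assumes the `azure-identity` and `azure-mgmt-containerservice` packages are installed and is only called when a subscription id is passed on the command line. Each finding carries a remediation command that differs depending on whether AKS-managed Azure AD integration is already enabled (the `<admin-group-object-id>` placeholder is something the operator must supply).

```python
"""Flag AKS clusters whose disable_local_accounts property is false or unset."""
import sys
from dataclasses import dataclass
from typing import Iterable


@dataclass
class Finding:
    cluster: str
    reason: str
    remediation: str


def local_accounts_enabled(cluster: dict) -> bool:
    # disable_local_accounts is Optional[bool] in the SDK model. None (never
    # configured) and False both mean local accounts are still usable.
    return not bool(cluster.get("disable_local_accounts"))


def aad_managed(cluster: dict) -> bool:
    # AKS-managed Azure AD integration is a prerequisite for disabling local
    # accounts; without it the update is rejected.
    aad = cluster.get("aad_profile") or {}
    return bool(aad.get("managed"))


def check_clusters(clusters: Iterable[dict]) -> list[Finding]:
    findings: list[Finding] = []
    for c in clusters:
        if not local_accounts_enabled(c):
            continue
        if c.get("disable_local_accounts") is False:
            reason = "disable_local_accounts is false"
        else:
            reason = "disable_local_accounts is not configured"
        base = f"az aks update --resource-group {c['resource_group']} --name {c['name']}"
        if aad_managed(c):
            fix = f"{base} --disable-local-accounts"
        else:
            # Enable managed Azure AD first, otherwise the second step fails.
            fix = (f"{base} --enable-aad --aad-admin-group-object-ids <admin-group-object-id>; "
                   f"then {base} --disable-local-accounts")
        findings.append(Finding(c["name"], reason, fix))
    return findings


# Constructed sample data (not real clusters), mirroring ManagedCluster fields.
SAMPLE_CLUSTERS = [
    {"name": "prod-aks", "resource_group": "rg-prod",
     "disable_local_accounts": True, "aad_profile": {"managed": True}},
    {"name": "dev-aks", "resource_group": "rg-dev",
     "disable_local_accounts": False, "aad_profile": {"managed": True}},
    {"name": "legacy-aks", "resource_group": "rg-legacy"},  # property never set, no AAD
]


def list_live_clusters(subscription_id: str) -> list[dict]:
    # Assumes azure-identity and azure-mgmt-containerservice are installed and
    # the caller is logged in (DefaultAzureCredential picks up az login, env vars, MSI).
    from azure.identity import DefaultAzureCredential
    from azure.mgmt.containerservice import ContainerServiceClient

    client = ContainerServiceClient(DefaultAzureCredential(), subscription_id)
    out = []
    for mc in client.managed_clusters.list():
        parts = mc.id.split("/")
        # Resource ids may spell the segment as resourceGroups or resourcegroups.
        rg = parts[[p.lower() for p in parts].index("resourcegroups") + 1]
        out.append({
            "name": mc.name,
            "resource_group": rg,
            "disable_local_accounts": mc.disable_local_accounts,
            "aad_profile": {"managed": bool(mc.aad_profile and mc.aad_profile.managed)},
        })
    return out


if __name__ == "__main__":
    clusters = list_live_clusters(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_CLUSTERS
    for f in check_clusters(clusters):
        print(f"{f.cluster}: {f.reason}\n  fix: {f.remediation}")
```

Run with no arguments to see the sample output (two findings, for dev-aks and legacy-aks), or with a subscription id to scan real clusters. After remediation, confirm the change with `az aks show --query disableLocalAccounts` and expect `az aks get-credentials --admin` to be refused for that cluster.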