Authentication mechanism absence or evasion - JFROG
Description
Application functions can be accessed without logging in to the server.
Impact
- Access Artifactory repositories.
- Upload files to any repository without authorization.
- Delete files from any repository without authentication.
Recommendation
Require authentication for access to resources that are currently exposed without it.
Threat
Anonymous attacker from intranet.
Expected Remediation Time
⏱️ 60 minutes.
Requirements
227 - Display access notification
228 - Authenticate using standard protocols
229 - Request access credentials
231 - Implement a biometric verification component
235 - Define credential interface
264 - Request authentication
323 - Exclude unverifiable files
Fixes