TF 0082 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki

Ensure that the --auto-tls argument is not set to true

| Property | Value |
| --- | --- |
| Language | terraform |
| Severity | low |

Description

Enabling the --auto-tls flag in etcd causes the service to generate and use self-signed TLS certificates automatically, rather than relying on certificates signed by a trusted authority. This weakens the security of encrypted communication between etcd nodes.

Impact

With self-signed certificates there is no trusted authority behind the TLS identities, so endpoints cannot verify who they are talking to. An attacker positioned on the network could exploit this lack of mutual trust to intercept or modify traffic between etcd nodes, potentially exposing sensitive data or enabling unauthorized access to the Kubernetes control plane.

Resolution

Edit the etcd pod specification file /etc/kubernetes/manifests/etcd.yaml on the master node and either remove the --auto-tls parameter or set it to false.
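The check this rule performs, and the "remove the parameter" remediation, as an added Python example (not code from the Symbiotic database). It assumes the etcd static-pod manifest has already been loaded into a dict of the same shape as the YAML; it also covers `ETCD_AUTO_TLS`, etcd's environment-variable form of the flag, which a command-line flag overrides.

```python
import copy

# Values that Go's strconv.ParseBool (used by etcd for boolean flags) treats as true.
GO_TRUE = {"1", "t", "true"}
FLAG = "--auto-tls"
ENV_NAME = "ETCD_AUTO_TLS"  # etcd's environment-variable form of the same flag


def _is_true(value: str) -> bool:
    return value.strip().lower() in GO_TRUE


def auto_tls_enabled(container: dict) -> bool:
    """True if this container's etcd would generate self-signed client certificates.
    ETCD_AUTO_TLS is read first; a flag overrides it; bare `--auto-tls` means true."""
    enabled = False
    for env in container.get("env", []):
        if env.get("name") == ENV_NAME:
            enabled = _is_true(str(env.get("value", "")))
    for arg in list(container.get("command", [])) + list(container.get("args", [])):
        if arg == FLAG:
            enabled = True
        elif arg.startswith(FLAG + "="):
            enabled = _is_true(arg.split("=", 1)[1])
    return enabled


def find_auto_tls_findings(pod: dict) -> list:
    """Names of containers in a pod spec that enable --auto-tls."""
    containers = pod.get("spec", {}).get("containers", [])
    return [c.get("name", "<unnamed>") for c in containers if auto_tls_enabled(c)]


def remediate_pod(pod: dict) -> dict:
    """Copy of the pod with --auto-tls and ETCD_AUTO_TLS removed (the resolution's 'remove' option)."""
    fixed = copy.deepcopy(pod)
    for c in fixed.get("spec", {}).get("containers", []):
        for key in ("command", "args"):
            c[key] = [a for a in c.get(key, []) if a != FLAG and not a.startswith(FLAG + "=")]
        c["env"] = [e for e in c.get("env", []) if e.get("name") != ENV_NAME]
    return fixed


# Constructed sample with the shape of /etc/kubernetes/manifests/etcd.yaml;
# the image tag and addresses are made up for this example.
VULNERABLE_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "etcd", "namespace": "kube-system"},
    "spec": {"containers": [{
        "name": "etcd", "image": "etcd:example",
        "command": ["etcd", "--advertise-client-urls=https://10.0.0.5:2379",
                    "--auto-tls=true", "--data-dir=/var/lib/etcd"],
    }]},
}
```

Setting the flag to `--auto-tls=false` instead of removing it is the other accepted form; `auto_tls_enabled` reports it as compliant.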