TF 0385 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki

SSH keys are the preferred way to connect to your droplet; no keys are supplied

| Property | Value |
| --- | --- |
| Language | terraform |
| Severity | high |
| Service | compute |
| Provider | DigitalOcean |
| Vulnerability Type | omission |

Description

The configuration allows creation of DigitalOcean droplets without specifying SSH keys, defaulting to less secure password-based authentication. This increases the risk of unauthorized access due to weaker credentials.

Impact

Attackers may more easily compromise droplets via brute-force or stolen passwords, leading to potential server takeover, data loss, or use of the server for malicious activities.

Resolution

Use SSH keys for login.
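
The following is an added example, not taken from the original page or the rule's own test cases: a droplet definition that omits SSH keys next to one that supplies them. The resource names, the `admin_public_key` variable, and the image, region and size slugs are sample values chosen for illustration.

```terraform
terraform {
  required_providers {
    digitalocean = {
      source = "digitalocean/digitalocean"
    }
  }
}

# Assumed input: the administrator's public key, passed in as a variable
# so that no key material is hard-coded in the configuration.
variable "admin_public_key" {
  type        = string
  description = "OpenSSH-format public key allowed to log in to the droplet"
}

# Non-compliant: the ssh_keys argument is omitted, so no key is supplied
# when the droplet is created.
resource "digitalocean_droplet" "without_keys" {
  name   = "web-1"
  image  = "ubuntu-22-04-x64"
  region = "nyc3"
  size   = "s-1vcpu-1gb"
}

# Compliant: register the public key with the account...
resource "digitalocean_ssh_key" "admin" {
  name       = "admin-key"
  public_key = var.admin_public_key
}

# ...and reference it from the droplet through ssh_keys.
resource "digitalocean_droplet" "with_keys" {
  name     = "web-2"
  image    = "ubuntu-22-04-x64"
  region   = "nyc3"
  size     = "s-1vcpu-1gb"
  ssh_keys = [digitalocean_ssh_key.admin.fingerprint]
}
```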