Skip to content

H3-2021-0008

Unauthenticated Etcd Access

Category SECURITY_MISCONFIGURATION
Base Score 5.5

Description

The etcd server is accessible without authentication over plain (insecure) HTTP.

Impact

An attacker could access sensitive information stored in the database. Furthermore, an attacker could capture unencrypted traffic in transit to the database over HTTP.

References