Anonymous unauthenticated server accepted

Description

The server accepts anonymous authentication.

Recommendation

To mitigate the risks associated with anonymous authentication, consider the following:

  • Disable anonymous authentication on the server unless it's required.
  • Avoid having sensitive files on the exposed server.
  • Avoid giving anonymous users write permissions.
  • Monitor and log anonymous users' actions.

Standards

  • CWE_TOP_25:
    • CWE_287
  • PCI_STANDARDS:
    • REQ_1_2
    • REQ_2_2
    • REQ_4_2
    • REQ_6_4
    • REQ_8_3
    • REQ_11_3
  • SOC2_CONTROLS:
    • CC_2_1
    • CC_4_1
    • CC_6_1
    • CC_7_1
    • CC_7_2
    • CC_7_4
    • CC_7_5