Property
Language: terraform
Severity: high
Service: compute
Provider: DigitalOcean
Vulnerability Type: omission

Description

The configuration allows creation of DigitalOcean droplets without specifying SSH keys, defaulting to less secure password-based authentication. This increases the risk of unauthorized access due to weaker credentials.

Impact

Attackers may more easily compromise droplets via brute-force or stolen passwords, leading to potential server takeover, data loss, or use of the server for malicious activities.

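Resolution

Use SSH keys for login: specify SSH keys when creating the droplet so that it does not default to password-based authentication.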
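
The omission and its fix side by side, as an added example (not taken from the rule's own documentation). Resource names, the image slug, region, size and the ssh_public_key variable are constructed placeholders.

```hcl
terraform {
  required_providers {
    digitalocean = {
      source = "digitalocean/digitalocean"
    }
  }
}

# Assumption: the public key is passed in as a variable (placeholder name).
variable "ssh_public_key" {
  type        = string
  description = "Public half of the key pair used to log in to the droplet"
}

# Non-compliant: ssh_keys is omitted, so the droplet defaults to
# password-based authentication (the condition this rule reports).
resource "digitalocean_droplet" "web_insecure" {
  name   = "web-insecure"
  image  = "ubuntu-22-04-x64"
  region = "nyc3"
  size   = "s-1vcpu-1gb"
}

# Compliant: register the public key with the account ...
resource "digitalocean_ssh_key" "deploy" {
  name       = "deploy-key"
  public_key = var.ssh_public_key
}

# ... and reference it from the droplet so login uses the key pair.
resource "digitalocean_droplet" "web" {
  name     = "web"
  image    = "ubuntu-22-04-x64"
  region   = "nyc3"
  size     = "s-1vcpu-1gb"
  ssh_keys = [digitalocean_ssh_key.deploy.fingerprint]
}
```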