Property
Language: terraform
Severity: critical

Description

The client certificate authorities file is not owned by root:root, which allows unauthorized users or processes to modify trusted CA certificates. This misconfiguration undermines the trust model of certificate-based authentication.

Impact

If exploited, attackers could replace or tamper with CA certificates, enabling them to intercept, decrypt, or impersonate secure communications within the cluster, potentially leading to privilege escalation or total compromise of the environment.

Resolution

Change the ownership of the client certificate authorities file to root:root.
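
One way to audit the ownership before and after applying the resolution, as an added example that is not part of the original rule. The function name `check_ca_owner` is hypothetical, the file path is supplied by the caller because this page does not name one, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example: audit the owner of a client CA file (GNU stat assumed).
# The path is supplied by the caller; this page does not name one.

# check_ca_owner FILE [EXPECTED_UID:GID]
# Returns 0 when the owner matches, 1 on a mismatch, 2 when the file
# is missing or cannot be read. EXPECTED defaults to 0:0 (root:root).
check_ca_owner() {
    file=$1
    expected=${2:-0:0}

    if [ ! -e "$file" ]; then
        echo "MISSING $file" >&2
        return 2
    fi

    # -L follows symlinks, so the file that is actually read as the
    # CA bundle is the one checked, not a link that points to it.
    # Numeric ids avoid depending on how user names resolve on the host.
    actual=$(stat -L -c '%u:%g' "$file") || return 2

    if [ "$actual" = "$expected" ]; then
        echo "PASS $file owner=$actual"
        return 0
    fi
    echo "FAIL $file owner=$actual expected=$expected"
    return 1
}

# Remediation, run as root after a FAIL (placeholder path):
#   chown root:root /path/to/client-ca-file
#   check_ca_owner /path/to/client-ca-file

# Run the audit when a path is given on the command line.
if [ "$#" -gt 0 ]; then
    check_ca_owner "$1"
fi
```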