Server Should Not Allow Access To Unauthenticated Users With Sign-Up
policy name: unauthenticated_signup_enabled
severity: HIGH
Description
The server allows any person with network access to sign up, create a user and access sensitive data. Turning this off will reduce the risk of attackers trying to infiltrate the server.
Remediation
- Press Settings -> General
- Expand “Sign-up restrictions” section
- Un toggle “Sign-up enabled”
- Press “Save Changes”