Server Should Not Allow Access To Unauthenticated Users With Sign-Up

policy name: unauthenticated_signup_enabled

severity: HIGH


The server allows any person with network access to sign up, create a user and access sensitive data. Turning this off will reduce the risk of attackers trying to infiltrate the server.


  1. Press Settings -> General
  2. Expand “Sign-up restrictions” section
  3. Un toggle “Sign-up enabled”
  4. Press “Save Changes”