Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Red Hat OpenShift Container Platform 4.12 Security Technical Implementation Guide
SRG-APP-000400-CTR-000960
SRG-APP-000400-CTR-000960
An XCCDF Group - A logical subset of the XCCDF Benchmark
Details
Profiles
Prose
SRG-APP-000400-CTR-000960
1 Rule
<GroupDescription></GroupDescription>
OpenShift must set server token max age no greater than eight hours.
Medium Severity
<VulnDiscussion>The setting for OAuth server token max age is used to control the maximum duration for which an issued OAuth access token remains valid. Access tokens serve as a form of authentication and authorization in OAuth-based systems. By setting a maximum age for these tokens, OpenShift helps mitigate security risks associated with long-lived tokens. If a token is compromised, its impact is limited to the maximum age duration, as the token will expire and become invalid after that period. It reduces the window of opportunity for unauthorized access and enhances the security of the system. By setting a maximum age for access tokens, OpenShift encourages the use of token refresh rather than relying on the same token for an extended period. Regular token refresh helps maintain a higher level of security by ensuring that tokens are periodically revalidated and rotated.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>