Server Should Not Allow Access To Unauthenticated Users With Sign-Up

policy name: unauthenticated_signup_enabled

severity: HIGH

Description

The server allows any person with network access to sign up, create a user and access sensitive data. Turning this off will reduce the risk of attackers trying to infiltrate the server.

Remediation

1. Press Settings -> General
2. Expand ‘Sign-up restrictions’ section
3. Un toggle ‘Sign-up enabled’
4. Press ‘Save Changes’