Access Control: MCP Server Accessible Without Authentication

Identifier: mcp_unauth

Scanner(s) Support

GraphQL Scanner
REST Scanner
WebApp Scanner

Description

Checks whether the MCP server is accessible without authentication.

An MCP server that is accessible without authentication allows anyone with network access to execute available MCP tools, which could lead to unauthorized access, data exposure, or system compromise.
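As an added illustration (not the scanner's own code), the following shows the shape of the unauthenticated-handshake test behind this check, written for auditing an MCP deployment you operate. It assumes MCP over HTTP (a JSON-RPC 2.0 `initialize` POST answered as plain JSON or as SSE); the client name, verdict labels and endpoint URL are constructed for the example.

```python
import json
import urllib.error
import urllib.request

# First message an MCP client sends; deliberately carries no credentials.
INITIALIZE_REQUEST = {
    "jsonrpc": "2.0", "id": 1, "method": "initialize",
    "params": {"protocolVersion": "2025-03-26", "capabilities": {},
               "clientInfo": {"name": "mcp-auth-audit", "version": "0.1"}},  # constructed
}

def _jsonrpc_messages(content_type, body):
    """Yield JSON-RPC messages from a plain-JSON or SSE-framed MCP response."""
    text = body.decode("utf-8", errors="replace")
    if "text/event-stream" in content_type:
        chunks = [ln[5:].strip() for ln in text.splitlines() if ln.startswith("data:")]
    else:
        chunks = [text]
    for chunk in chunks:
        try:
            yield json.loads(chunk)
        except ValueError:
            continue  # keep-alives or non-JSON noise are not evidence either way

def classify(status, headers, body):
    """Verdict for an unauthenticated initialize: 'auth_required' (401/403),
    'unauthenticated_access' (handshake succeeded, the finding this check
    reports) or 'inconclusive' (errors, unexpected bodies)."""
    if status in (401, 403):
        return "auth_required"
    ctype = next((v for k, v in headers.items() if k.lower() == "content-type"), "")
    if status == 200:
        for msg in _jsonrpc_messages(ctype, body):
            if isinstance(msg, dict) and msg.get("id") == INITIALIZE_REQUEST["id"] and "result" in msg:
                return "unauthenticated_access"
    return "inconclusive"

def probe(url, timeout=5.0):
    """POST the handshake to an MCP HTTP endpoint you operate and classify the result."""
    req = urllib.request.Request(
        url, data=json.dumps(INITIALIZE_REQUEST).encode(), method="POST",
        headers={"Content-Type": "application/json",
                 "Accept": "application/json, text/event-stream"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify(resp.status, dict(resp.headers), resp.read())
    except urllib.error.HTTPError as err:  # 401/403 arrive here, not as a return
        return classify(err.code, dict(err.headers), err.read())
    except (urllib.error.URLError, OSError):
        return "inconclusive"
```

Call `probe("https://<your-mcp-host>/mcp")` against your own server; a verdict of `unauthenticated_access` is the condition this check reports, while `auth_required` confirms the endpoint rejects anonymous handshakes.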

Configuration

Example

Example configuration:

---
security_tests:
  mcp_unauth:
    assets_allowed:
    - MCP
    skip: false

Reference

assets_allowed

Type : List[AssetType]*

List of assets that this check will cover.

skip

Type : boolean

Skip the test if true.