Access Control: MCP Server Accessible Without Authentication

Identifier: mcp_unauth

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner, ASM Scanner

Description

Check if the MCP server is accessible without authentication.

An MCP server that is accessible without authentication allows anyone with network access to execute available MCP tools, which could lead to unauthorized access, data exposure, or system compromise.
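
The risk described above, as an added example that is not part of the scanner or its documentation: a hypothetical MCP HTTP entry point (`handle_mcp`) with and without a bearer-token gate, plus a check (`is_exposed`) that sends `tools/list` with no credentials. The token, tool name and function names are constructed, and the handler skips the MCP `initialize` handshake for brevity.

```python
import hmac
import json

# Constructed sample values: the token and tool name are placeholders.
EXPECTED_TOKEN = "example-token-not-a-real-secret"
TOOLS = [{"name": "read_file", "description": "constructed sample tool"}]


def _authorized(headers):
    # Header names are case-insensitive, so normalise before lookup.
    lowered = {k.lower(): v for k, v in headers.items()}
    scheme, _, token = lowered.get("authorization", "").partition(" ")
    # compare_digest avoids leaking the match position through timing.
    return scheme.lower() == "bearer" and hmac.compare_digest(
        token.encode(), EXPECTED_TOKEN.encode())


def handle_mcp(headers, body, require_auth=True):
    """Hypothetical HTTP entry point for an MCP server.

    Returns (status, response_headers, response_body).
    """
    if require_auth and not _authorized(headers):
        # Reject before the JSON-RPC body is parsed or dispatched.
        return 401, {"WWW-Authenticate": "Bearer"}, ""
    request = json.loads(body)
    if request.get("method") == "tools/list":
        result = {"tools": TOOLS}
        reply = {"jsonrpc": "2.0", "id": request.get("id"), "result": result}
    else:
        error = {"code": -32601, "message": "Method not found"}
        reply = {"jsonrpc": "2.0", "id": request.get("id"), "error": error}
    return 200, {"Content-Type": "application/json"}, json.dumps(reply)


def is_exposed(handler):
    """Send tools/list with no credentials; True if tools come back."""
    probe = json.dumps({"jsonrpc": "2.0", "id": 1, "method": "tools/list"})
    status, _, body = handler({}, probe)
    if status != 200 or not body:
        return False
    return "tools" in json.loads(body).get("result", {})
```

With `require_auth=False` the check reports the server as exposed; with the gate enabled the same unauthenticated request is answered with 401 and never reaches tool dispatch.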

Configuration

Example

Example configuration:

---
security_tests:
  mcp_unauth:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.