
Where can I read about the bug? And what is the bug? If there is no authenticationData it is authenticated by default or what?


It was in the early days of Kubernetes and long since fixed. I don't recall the precise details, but it was likely the first official CVE we published: https://kubernetes.io/docs/reference/issues-security/officia...

Link to the patch fixing it: https://github.com/kubernetes/kubernetes/commit/7fef0a4f6a44...

Of course, we'd already fixed other issues like Kubelet listening on a secondary debug port with no authentication. Those problems stemmed from its origins as a make-it-possible hacker project and it took a while to pivot it to something usable in an enterprise.


I don't know where you can read about this, but you are on the right track.

If there is no authenticationData then the if !Ok is never run and the code continues execution as if it were authenticated.
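The fail-open shape described in the comment above, next to a fail-closed version, as an added example that is not part of the thread and is not the Kubernetes code. `Request`, `validToken`, both `authorize` functions and the sample token are hypothetical names constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Request is a hypothetical stand-in for an incoming API request.
// AuthData is nil when the client sent no credentials at all.
type Request struct {
	AuthData map[string]string
}

var errUnauthenticated = errors.New("unauthenticated")

// validToken is a constructed credential check for this example.
func validToken(tok string) bool { return tok == "constructed-sample-token" }

// authorizeFailOpen validates only when credentials are present, so the
// "if !ok" branch is never reached for a request that carries none.
func authorizeFailOpen(r Request) error {
	if r.AuthData != nil {
		ok := validToken(r.AuthData["token"])
		if !ok {
			return errUnauthenticated
		}
	}
	return nil // also reached when no credentials were sent
}

// authorizeFailClosed treats missing credentials as a denial before
// any validation happens, so the default outcome is rejection.
func authorizeFailClosed(r Request) error {
	if r.AuthData == nil || !validToken(r.AuthData["token"]) {
		return errUnauthenticated
	}
	return nil
}

func main() {
	reqs := map[string]Request{ // constructed sample requests
		"none": {},
		"bad":  {AuthData: map[string]string{"token": "wrong"}},
		"good": {AuthData: map[string]string{"token": "constructed-sample-token"}},
	}
	for _, name := range []string{"none", "bad", "good"} {
		r := reqs[name]
		fmt.Printf("%-4s fail-open=%v fail-closed=%v\n",
			name, authorizeFailOpen(r), authorizeFailClosed(r))
	}
}
```

A regression test for this class of bug should always include the no-credentials case, since tests that only send wrong credentials pass against both versions.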



