diff --git a/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/SecurityManagedConfiguration.java b/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/SecurityManagedConfiguration.java
index 45598c2a9..ef0d4ba41 100644
--- a/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/SecurityManagedConfiguration.java
+++ b/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/SecurityManagedConfiguration.java
@@ -84,11 +84,7 @@ import org.springframework.security.web.authentication.www.BasicAuthenticationEn
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
 import org.springframework.security.web.session.HttpSessionEventPublisher;
 import org.springframework.security.web.session.SessionManagementFilter;
-import org.springframework.util.CollectionUtils;
 import org.springframework.util.StringUtils;
-import org.springframework.web.cors.CorsConfiguration;
-import org.springframework.web.cors.CorsConfigurationSource;
-import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 import org.vaadin.spring.security.VaadinSecurityContext;
 import org.vaadin.spring.security.annotation.EnableVaadinSecurity;
 import org.vaadin.spring.security.web.VaadinRedirectStrategy;
@@ -454,7 +450,6 @@ public class SecurityManagedConfiguration {
      * Security configuration for the REST management API.
      */
     @Configuration
-    @EnableWebSecurity
     @Order(350)
     @ConditionalOnClass(MgmtApiConfiguration.class)
     public static class RestSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
@@ -501,11 +496,6 @@ public class SecurityManagedConfiguration {
             basicAuthEntryPoint.setRealmName(securityProperties.getBasicRealm());
 
             HttpSecurity httpSec = http.regexMatcher("\\/rest.*|\\/system/admin.*").csrf().disable();
-
-            if (securityProperties.getCors().isEnabled()) {
-                httpSec = httpSec.cors().and();
-            }
-
             if (securityProperties.isRequireSsl()) {
                 httpSec = httpSec.requiresChannel().anyRequest().requiresSecure().and();
             }
@@ -537,22 +527,6 @@ public class SecurityManagedConfiguration {
             httpSec.anonymous().disable();
             httpSec.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
         }
-
-        @Bean
-        @ConditionalOnProperty(prefix = "hawkbit.server.security.cors", name = "enabled", matchIfMissing = false)
-        CorsConfigurationSource corsConfigurationSource() {
-            final CorsConfiguration restCorsConfiguration = new CorsConfiguration();
-
-            restCorsConfiguration.setAllowedOrigins(securityProperties.getCors().getAllowedOrigins());
-            restCorsConfiguration.setAllowCredentials(true);
-            restCorsConfiguration.setAllowedHeaders(securityProperties.getCors().getAllowedHeaders());
-            restCorsConfiguration.setAllowedMethods(securityProperties.getCors().getAllowedMethods());
-
-            final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
-            source.registerCorsConfiguration("/rest/**", restCorsConfiguration);
-
-            return source;
-        }
     }
 
     /**