Thousands of misconfigured container and artifact registries expose sensitive credentials

Researchers have found thousands of publicly exposed and misconfigured container registries and artifact repositories belonging to companies that could give attackers access tokens, encryption keys, and other sensitive information about internal systems. This information can allow attackers to plan and execute attacks against production and development systems and, in some cases, even inject malicious code into repositories.

“In many cases, artifact management systems and container registries are connected to the Internet deliberately and by design, allowing anonymous users to connect to various areas of the registry or even the entire registry,” researchers from cloud security firm Aqua Security say in a report. “This design allows global teams, customers, and other stakeholders access to open source software that is shared across the enterprise or with external users. In some cases, however, restricted environments are accidentally shared with anonymous users; in other cases, teams accidentally publish sensitive information in public areas.”

Aqua’s research team set out to investigate this attack surface by scanning the Internet for registries that companies of all sizes had made reachable from the Internet, and then investigated each of the misconfigurations, vulnerabilities, and exposures of sensitive data. The registries they found contained more than 250 million artifacts and more than 65,000 container images.

A registry is a central server for hosting software packages. These can be container images that include prepackaged and preconfigured applications or artifacts—binary files that are used during application creation or deployment. Both container images and artifacts may contain sensitive information within their configuration files and code, such as access tokens, authentication keys, database passwords, internal IP addresses, and file system paths to servers and additional assets such as databases.

Aqua’s team found more than 10,000 privately owned container registries and more than 7,000 artifact repositories accessible from the Internet. These included registries built with a container creation and deployment tool, and artifact repositories built with Sonatype Nexus and JFrog. More than 2,800 of the registries and about 4,000 of the artifact repositories were set up for anonymous access.

This is not necessarily a security issue if such access is intended and limited to non-sensitive assets, but that was not the case for a significant number of them. Researchers were able to identify exposed credentials on more than 4,000 of them, and 156 hosts included sensitive information about storage systems (Redis, MongoDB, PostgreSQL, MySQL, etc.) that could allow attackers to plan lateral movement within the environment.
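As an added example (not code from Aqua’s report or from this article), the following Python helper shows the two checks a registry owner would run against their own infrastructure after reading the findings above: classifying the answer to an unauthenticated probe of the Docker/OCI distribution API’s `/v2/` endpoint, and scanning an image’s config blob for the kinds of values the researchers found (credential-like environment variables, database connection strings, internal addresses). The sample config and the regex patterns are constructed for illustration and should be tuned to your own naming conventions.

```python
import json
import re

# Constructed patterns for this example; extend them to match your own secret names.
SECRET_NAME_RE = re.compile(r"(TOKEN|SECRET|PASSWORD|PASSWD|API_KEY|PRIVATE_KEY)", re.I)
DB_URL_RE = re.compile(r"\b(postgres(ql)?|mysql|mongodb|redis)://[^\s\"']+", re.I)
PRIVATE_IP_RE = re.compile(
    r"\b(10\.\d{1,3}\.\d{1,3}\.\d{1,3}"
    r"|192\.168\.\d{1,3}\.\d{1,3}"
    r"|172\.(1[6-9]|2\d|3[01])\.\d{1,3}\.\d{1,3})\b"
)


def classify_registry_access(status: int, headers: dict) -> str:
    """Classify a registry's reply to an unauthenticated GET /v2/ probe.

    A 200 means the API answers without a token (anonymous read is on);
    a 401 carrying WWW-Authenticate means a token is required.
    """
    if status == 200:
        return "anonymous-read"
    if status == 401 and "www-authenticate" in {k.lower() for k in headers}:
        return "auth-required"
    return "unknown"


def find_exposed_secrets(config_json: str) -> list:
    """Flag suspicious entries in the Env block of an OCI/Docker image config."""
    cfg = json.loads(config_json)
    findings = []
    for entry in cfg.get("config", {}).get("Env", []):
        name, _, value = entry.partition("=")
        if SECRET_NAME_RE.search(name) and value:
            findings.append(("credential-env", name))
        if DB_URL_RE.search(value):
            findings.append(("database-url", name))
        if PRIVATE_IP_RE.search(value):
            findings.append(("internal-address", name))
    return findings


# Constructed image config, modelled on the fields a real config blob carries.
SAMPLE_CONFIG = json.dumps({"config": {"Env": [
    "PATH=/usr/local/sbin:/usr/local/bin:/usr/bin",
    "AWS_SECRET_ACCESS_KEY=EXAMPLEsecret0000",
    "DATABASE_URL=postgres://app:pw@10.20.30.40:5432/prod",
    "REDIS_HOST=192.168.1.12",
    "APP_ENV=production",
]}})

if __name__ == "__main__":
    print(classify_registry_access(200, {}))
    for kind, name in find_exposed_secrets(SAMPLE_CONFIG):
        print(f"{kind}: {name}")
```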

Copyright © 2023 IDG Communications, Inc.

Hundreds of container and artifact registries have been found to have misconfigured settings, which has caused sensitive credentials to be exposed without users even knowing. The risk of compromise is real when these types of misconfigurations occur, leaving customers vulnerable to potential data breaches.

Ikaroa, a full stack tech company, is committed to providing companies with multiple ways to secure data. We understand that no single solution is bulletproof and that security requires a combination of multiple techniques and processes.

It is essential for companies to understand the importance of proper configuration and regularly maintain their registries. The simplest and most cost-effective way is to use a service like OpenContainer Security, which provides misconfiguration detection, vulnerability scanning, and dependency checking. OpenContainer Security helps customers ensure their container and artifact registries are secure and is available to use with all versions of Docker, Kubernetes, and other popular open source tools.

Companies can also deploy dedicated people, who are responsible for monitoring, configuring, and scanning the registries to prevent malicious activities. They need to make sure that the credentials and private keys responsible for the registries are secured and stored in a safe place.

At Ikaroa, our team of security experts is available to consult on additional measures to strengthen container and artifact registry security. We also provide customised solutions to help companies identify and remediate misconfigurations and bolster their security for improved data protection.

The threat of misconfigured container and artifact registries leading to exposed credentials is real and any misconfiguration must be taken seriously. Ikaroa offers comprehensive solutions to help mitigate the risk of sensitive information being compromised, giving companies the peace of mind they need in today’s data-driven world.
