Kubernetes Secrets of Fortune 500 Companies Exposed in Public Repositories

November 24, 2023 at 02:30AM

Cybersecurity researchers have discovered publicly exposed Kubernetes configuration secrets that could lead to supply chain attacks. The secrets, which contain credentials for accessing container image registries, were uploaded to public repositories. Among those affected are top blockchain companies and Fortune 500 companies. The researchers found that a significant share of the exposed credentials used weak passwords, underscoring the need for organizations to enforce stronger password policies. On the positive side, some of the credentials had already expired and some keys were encrypted. Vulnerabilities and misconfigurations in container environments remain a top security concern.

Key Takeaways from Meeting Notes:

1. Cybersecurity researchers have discovered publicly exposed Kubernetes configuration secrets, posing a risk of supply chain attacks.
2. Aqua Security researchers found encoded Kubernetes configuration secrets uploaded to public repositories, impacting top blockchain companies and Fortune 500 companies.
3. Aqua leveraged the GitHub API to fetch entries containing .dockerconfigjson and .dockercfg, which store credentials for accessing container image registries.
4. Out of 438 records potentially holding valid credentials, 238 records (about 46%) contained valid credentials for registry access.
5. Of the 93 manually set passwords, almost 50% were considered weak, such as “password,” “test123456,” “windows12,” “ChangeMe,” and “dockerhub.”
6. The importance of strong organizational password policies to prevent the use of vulnerable passwords is emphasized.
7. Some organizations unintentionally expose secrets by failing to remove them from files committed to public repositories on GitHub.
8. Credentials associated with AWS and Google Container Registry (GCR) were temporary and expired, making access impossible.
9. The GitHub Container Registry required two-factor authentication (2FA) for added security.
10. Red Hat’s State of Kubernetes Security Report highlights vulnerabilities and misconfigurations as major concerns, with 37% of respondents reporting revenue or customer loss due to container and Kubernetes security incidents.
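As an added example (not code from the article or from Aqua's research), a small Python checker for the two Secret types the list above names: it decodes the base64 `.dockerconfigjson` or `.dockercfg` payload, extracts the registry credentials and flags the weak passwords the article cites. The sample manifest, registry names and credential values are constructed for illustration.

```python
import base64
import json

# Weak passwords named in the findings above; a real check would use a larger list.
WEAK_PASSWORDS = {"password", "test123456", "windows12", "changeme", "dockerhub"}


def _b64_json(value):
    """Decode a base64 Secret data value and parse it as JSON."""
    return json.loads(base64.b64decode(value))


def registry_credentials(secret):
    """Yield (registry, username, password) from a Kubernetes Secret dict of type
    kubernetes.io/dockerconfigjson (data key .dockerconfigjson) or
    kubernetes.io/dockercfg (data key .dockercfg). Secret data values are base64."""
    data = secret.get("data", {})
    if ".dockerconfigjson" in data:
        auths = _b64_json(data[".dockerconfigjson"]).get("auths", {})
    elif ".dockercfg" in data:
        auths = _b64_json(data[".dockercfg"])  # legacy layout: registries at top level
    else:
        return
    for registry, entry in auths.items():
        if "auth" in entry:  # "auth" is base64("username:password")
            user, _, password = base64.b64decode(entry["auth"]).decode().partition(":")
        else:
            user, password = entry.get("username", ""), entry.get("password", "")
        yield registry, user, password


def audit_secret(secret):
    """Return findings for a Secret that should never be committed to a repository as-is."""
    findings = []
    for registry, user, password in registry_credentials(secret):
        findings.append(f"{registry}: plaintext credential for user '{user}' is committed")
        if password.lower() in WEAK_PASSWORDS:
            findings.append(f"{registry}: password for '{user}' is on the weak-password list")
    return findings


def _make_sample():
    """Constructed sample of a committed image pull secret (all values are made up)."""
    cfg = {"auths": {"registry.example.com": {"auth": base64.b64encode(b"deploy:ChangeMe").decode()},
                     "ghcr.io": {"username": "ci", "password": "xK9!v2-long-random"}}}
    return {"apiVersion": "v1", "kind": "Secret", "type": "kubernetes.io/dockerconfigjson",
            "data": {".dockerconfigjson": base64.b64encode(json.dumps(cfg).encode()).decode()}}


SAMPLE_SECRET = _make_sample()

if __name__ == "__main__":
    for line in audit_secret(SAMPLE_SECRET):
        print(line)
```

Running the same check over every `kind: Secret` manifest in a repository before it is pushed is the point; the decoding step is why base64 in a committed manifest is not protection.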