Exposed Kubernetes Secrets Allow Hackers to Access Sensitive Environments

Kubernetes is an open-source container orchestration platform that automates the deployment, scaling, and management of containerized applications. 



Besides this, hackers often target Kubernetes due to its widespread adoption, making it a valuable attack vector for compromising and controlling distributed systems. 



Security vulnerabilities in Kubernetes configurations can lead to the following:-



Unauthorized access



Data breaches



Disruption of critical services
Cybersecurity researchers at Aqua Nautilus recently discovered exposed Kubernetes secrets in many organizations, posing a severe supply chain attack threat by granting access to sensitive SDLC environments.






Document

@import url('https://fonts.googleapis.com/css2?family=Poppins&display=swap');
@import url('https://fonts.googleapis.com/css2?family=Poppins&family=Roboto&display=swap');
*{
margin: 0; padding: 0;
text-decoration: none;
}
.container{
font-family: roboto, sans-serif;
width: 90%;
border: 1px solid lightgrey;
padding: 20px;
background: linear-gradient(2deg,#E0EAF1 100%,#BBD2E0 100%);
margin: 20px auto ;
border-radius: 40px 10px;
box-shadow: 5px 5px 5px #e2ebff;
}
.container:hover{
box-shadow: 10px 10px 5px #e2ebff;

}
.container .title{
color: #015689;
font-size: 22px;
font-weight: bolder;
}
.container .title{
text-shadow: 1px 1px 1px lightgrey;
}
.container .title:after {
width: 50px;
height: 2px;
content: ' ';
position: absolute;
background-color: #015689;
margin: 20px 8px;
}
.container h2{
line-height: 40px;
margin: 2px 0;
font-weight: bolder;
}
.container a{

color: #170d51;
}
.container p{
font-size: 18px;
line-height: 30px;

}

.container button{
padding: 15px;
background-color: #4469f5;
border-radius: 10px;
border: none;
background-color: #00456e ;
font-size: 16px;
font-weight: bold;
margin-top: 5px;
}
.container button:hover{
box-shadow: 1px 1px 15px #015689;
transition: all 0.2S linear;

}
.container button a{
color: white;
}
hr{
/* display: none; */
}

Free Webinar

Live API Attack Simulation Webinar
In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked. The session will cover: an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Register for Free

Technical analysis



SAP’s system had 95 million artifacts, and not only that, but even top blockchain firms and Fortune 500s were also there.



Kubernetes.io has a Secrets config section, and by default, it stores them in unencrypted form in etcd (API server’s underlying datastore).



There are eight Secret types, and security analysts focus on:- 



dockercfg 



dockerconfigjson
In this scenario, the exploitation potential varies, as the basic-auth, tls, and ssh-auth need cluster details. Meanwhile, for internal exploits, the service account token is critically valuable.



Eight built-in types of Secrets:-



Opaque



kubernetes.io/service-account-token



kubernetes.io/dockercfg



kubernetes.io/dockerconfigjson



kubernetes.io/basic-auth



kubernetes.io/ssh-auth



kubernetes.io/tls



bootstrap.kubernetes.io/token
Security analysts used GitHub API to bypass the 1,000 limit with the help of a recursive search. Besides this, the complex regex targets YAML files with dockercfg/dockerconfigjson and base64-encoded secrets. 



Hundreds of cases were found by analysts in public repositories, highlighting the seriousness of the problem that affects the following entities:-



Individuals



Open-source projects



Large organizations
Researchers found 8,000 GitHub entries with .dockerconfigjson and .dockercfg. After refining the search to the base64-encoded user and password values, 438 records with potential credentials were identified. 



About 46% (203 records) had valid credentials, granting access to registries for pulling and pushing. Many registries contained private container images. 



Stakeholders were notified to address the exposed secrets. The dockerconfigjson field in Kubernetes stores Docker registry access credentials, enabling:- 



Image pull 



Image push
Exposed YAML (Source – Aquasec) Exposed registries



Exposed registries (Source – Aquasec) Use cases



While analyzing the 203 registries with valid credentials, analysts uncovered cases highlighting risks of exposed registries to organizations or open-source projects, with a focus on:-



Red Hat



Quay



Docker Hub
Here below, we have mentioned all the use cases:-



Use Case #1: SAP SE artifacts repository



Use Case #2: Blockchain companies



Use Case #3: Docker Hub accounts
Mitigations



Here below, we have mentioned all the provided mitigations:-



Remove from GitHub files containing sensitive information.



Use a Secrets Management Tool.



Use Environment Variables.



Encrypt Data at Rest.



Audit and Rotate Secrets.
Experience how StorageGuard eliminates the security blind spots in your storage systems by trying a 14-day free trial .
The post Exposed Kubernetes Secrets Allow Hackers to Access Sensitive Environments appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform .