Thousands of code repositories were found exposed in over one hundred Docker registries that are accessible from the Internet without authentication, Palo Alto Network reports.
Containing critical business data such as application source code and historical versions, these registries could put an organization’s entire cloud infrastructure at risk. Exposure could result in stolen proprietary intellectual property, hijacked operation critical data, or malicious code being injected.
Docker registries are servers where Docker images are stored and organized into repositories, with each repo containing images of one application and multiple versions of the application, each with a unique tag. Docker registries include support for three primary operations: pushing, pulling, and deleting images.
Of 941 Docker registries found to be exposed to the Internet, 117 do not require authentication, Palo Alto Networks’ security researchers say. Of the misconfigured registries, 80 allow the pull operation, 92 the push operation, and 7 the delete operation.
With some of these registries containing over 50 repositories and 100 tags, the security researchers identified a total of 2,956 applications and 15,887 application versions exposed.
The security researchers managed to attribute a quarter of the unsecured registries through reverse DNS lookup or cnames in the TLS certificates (without accessing the exposed images). The registries belong to research institutes, retailers, news media organizations, and technology companies.
“With all the source code and historical tags, malicious actors can design tailored exploits to compromise the systems. If the push operation is allowed, benign application images may be replaced with images with backdoors. These registries may also be used for hosting malware. If the delete operation is allowed, hackers could encrypt or delete the images and ask for ransom,” they note note in a blog post.
The issue, Pa ..
Support the originator by clicking the read the rest link below.
