Thousands of Docker Hub images were recently discovered holding sensitive information that could be used in a cyberattack.
A report from RWTH Aachen University in Germany analyzed more than 330,000 Docker Hub images, as well as thousands of private registries.
The results showed 8.5% of the material hosting sensitive data, which could include private keys, or API secrets. As a result, online platforms and its users could be targeted by cybercriminals. In total, more than 52,000 private keys, and more than 3,100 unique API secrets were found exposed.
Accidental leaks
Also, given the fact that the majority of the secrets were found in single-user images, the researchers believe the leak was accidental.
Furthermore, the researchers discovered that some of the exposed keys were in use, which means elements such as certificates were also at risk. In fact, more than 22,000 compromised certificates were found relying on the exposed private keys. That includes more than 7,500 private CA-signed, and more than 1,000 public CA-signed certificates.
For BleepingComputer, these CA-signed certificates are “of particular concern, as these certificates are typically used by a large number of users and are universally accepted.” By the time the researchers concluded their report, 141 CA-signed certificates were still valid. While that’s a lot smaller number compared to the initial thousands, it still means many users were at risk.
One of the conclusions of the report is that there is a “massive problem” in container security, and that the developers are reckless when it comes to keeping secrets - secret.
When it comes to API exposure, most of the containers belong to Amazon and other similar cloud providers, but some were found belonging to financial services, too.
- Check out the best firewalls right now
Via: BleepingComputer