By implementing these best practices, organizations can effectively mitigate the risks of exposing their registries and artifact repositories and protect against potential security threats.
Researchers have found thousands of publicly exposed and misconfigured container registries and artifact repositories belonging to businesses that could give attackers access to access tokens, encryption keys, and other sensitive information about internal systems. This information can allow attackers to plan and execute attacks against production and development systems, and in some cases even inject malicious code into repositories.
In particular, we looked at Docker registries exposed due to misconfigured network access control. These registries contain the application source code and its historical versions. When leaked, proprietary intellectual property can be stolen, malicious code can be injected, and operation-critical data can be hijacked. We identified 2,956 exposed applications and 15,887 unique versions of those applications. The owners of these unsecured registries include research institutes, retailers, news media organizations, and technology companies.
Although setting up a Docker registry server is straightforward, securing its communication and enforcing access control requires extra configuration. System administrators may unintentionally expose a registry service to the internet without enforcing proper access control. In this research, we are interested in finding these "misconfigured" registries and exploring the leaked data. Note that we collected only metadata and did not attempt to access the file content.
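The misconfiguration described here is detectable from the registry's own HTTP API v2: a registry that enforces access control answers every unauthenticated request with 401 and a WWW-Authenticate challenge, while an exposed one serves the repository list from /v2/_catalog to anyone. The following Python audit is an added example (not part of the research above) that a registry operator can point at a registry they run to confirm access control is enforced; the base URL and the verdict labels are my own.

```python
"""Audit whether a Docker Registry (HTTP API v2) you operate enforces auth."""
import json
import sys
import urllib.error
import urllib.request


def classify(status, headers, body=b""):
    """Return (verdict, detail) for an unauthenticated /v2/ or /v2/_catalog reply.

    Verdict labels are this example's own convention:
      auth-enforced    401 with a Basic/Bearer challenge (expected, healthy)
      exposed          200 on /v2/_catalog: repository names are public
      anonymous-access 200 on /v2/ without any challenge
      not-v2-registry  404: the endpoint is not a v2 registry
    """
    hdrs = {k.lower(): v for k, v in headers.items()}
    challenge = hdrs.get("www-authenticate", "")
    scheme = challenge.split(" ")[0] if challenge else ""
    if status == 401:
        return "auth-enforced", scheme or "challenge missing"
    if status == 200:
        try:
            repos = json.loads(body or b"{}").get("repositories")
        except (ValueError, AttributeError):
            repos = None  # not a catalog document
        if repos is not None:
            return "exposed", f"{len(repos)} repositories listable anonymously"
        return "anonymous-access", "no auth challenge on /v2/"
    if status == 404:
        return "not-v2-registry", "no /v2/ endpoint"
    return "unknown", f"HTTP {status}"


def audit(base_url, timeout=5):
    """Probe both endpoints without credentials; returns {path: (verdict, detail)}."""
    results = {}
    for path in ("/v2/", "/v2/_catalog"):
        req = urllib.request.Request(base_url.rstrip("/") + path)
        try:
            with urllib.request.urlopen(req, timeout=timeout) as resp:
                results[path] = classify(resp.status, dict(resp.headers), resp.read())
        except urllib.error.HTTPError as err:  # 401/404 arrive here
            results[path] = classify(err.code, dict(err.headers), err.read())
    return results


if __name__ == "__main__":
    # Example (assumed) target: a registry you administer on its default port.
    target = sys.argv[1] if len(sys.argv) > 1 else "https://registry.example.internal:5000"
    for path, (verdict, detail) in audit(target).items():
        print(f"{path:15} {verdict:17} {detail}")
```

Any result other than auth-enforced on both paths means the registry is serving metadata to unauthenticated clients and its network access control or auth configuration needs fixing.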
Running stale services or exposing unnecessary services [Table 2 (vi)] on the host operating system increases the attack surface. Vulnerable or misconfigured services exposed on the host operating system can lead to denial of service (DoS) or even remote code execution vulnerabilities. For example, CVE-2018-14009 can allow authenticated users to trigger remote code execution, which gives access to the server running the Docker daemon.
There can be multiple scenarios and vulnerabilities on a Docker registry as well. For example, Docker registries left unauthenticated and exposed to the public [Table 4 (i)] can cause severe damage to the organization. They open the door to attackers, giving them access to internal applications and, in the worst case, letting them modify the images to include malicious code. Corporate Docker registries should never be left exposed to the public, and proper