Docker Leaks API Secrets & Private Keys, as Cybercriminals Pounce

Published: 23/11/2024   Category: security




Researchers found that the private keys and secrets they discovered being exposed within the Docker framework are already being used in the wild.



Container images shared on Docker Hub are leaking sensitive data in the cloud, to the tune of tens of thousands of secrets. And attackers are scooping these up to be used to compromise a wide range of hosts.
Because coding an application and deploying it into another environment can cause errors, developers combine everything together (files, libraries, and dependencies) to be put in containers in the cloud. This makes it easier to create applications that can work across systems. Docker images are a common source for this method of programming, and Docker Hub has millions of private repositories, automated builds, official images provided by Docker, and webhooks that trigger actions after a successful push to a repository to integrate Docker Hub with other services.
In a study conducted by researchers at RWTH Aachen University in Germany, it was discovered that the ease with which the Docker framework allows containerization could lead to sharing private keys or API secrets, thus compromising the security of anyone who created or is using the image. The researchers uncovered 52,107 private keys in misconfigured containers, as well as 3,158 leaked API secrets.
They also found that the leaked keys were already being used in the wild. There were 1,060 certificates that used compromised keys, and 275,269 TLS and SSH hosts using leaked keys for authentication. 
This widespread usage allows attackers to eavesdrop on confidential information or alter sensitive information, e.g., from the IoT, webpages, or databases, according to the report.
To boot, the researchers found 216 exposed Session Initiation Protocol (SIP) hosts for telephones, and 8,165 SMTP, 1,516 POP3, and 1,798 IMAP servers used for emails. These have security implications around Internet-based communications, as these hosts can fall victim to impersonation attacks, allowing threat actors to eavesdrop as well as transmit and alter data.
In conducting this study, the researchers analyzed 337,171 images from Docker Hub as well as 8,076 from private registries.
