A study by researchers at RWTH Aachen University in Germany has found that tens of thousands of container images hosted on Docker Hub contain confidential secrets such as private keys and API credentials, exposing the software, online platforms and users that depend on them.
Docker Hub is the cloud-based registry the Docker community uses to store and distribute images, and it is where most of the exposed images were found. A container image bundles everything an application needs to run: the application code, a runtime, libraries, environment variables and configuration files. Any secret baked into one of those pieces ships to everyone who pulls the image.
The researchers analyzed more than 337,000 images from Docker Hub and several private registries and found that roughly 8.5% of them contain sensitive data such as private keys and API secrets. Many of the exposed private keys are in active use, which puts everything that relies on them at risk, including the certificates issued for those keys.
Most of the exposed secrets (95% of the private keys and 90% of the API secrets) were found in single-user images, which suggests they were leaked unintentionally rather than being shared test fixtures. Images on Docker Hub were affected more often (9.0%) than images in private registries, which the researchers read as a sign that Docker Hub users are less aware of container security.
The study also counted 22,082 certificates whose private keys were exposed, 141 of which were still valid at the time of the research; anyone holding such a key can impersonate the certificate's subject until it expires or is revoked. The findings underline the need to scan and sanitize images before publishing them, and to treat any secret found in a published layer as compromised and rotate it: deleting the file in a later layer does not remove it from the image history.
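As an added example (not the study's tooling and not code from the article), the following Python script scans a `docker save` tarball the way such an audit works in practice: it checks the `ENV` entries in the image config and then walks every layer tar, matching PEM private keys and a few API-key shapes, and reports whether a hit was "deleted" by a whiteout entry in a later layer, which is what a `RUN rm` in a Dockerfile produces without removing the bytes. The sample image, its file paths, the dummy key and the `AKIAIOSFODNN7EXAMPLE` access key id (the placeholder used in AWS documentation) are all constructed here, and the regex set is illustrative rather than the study's detector list.

```python
import io
import json
import re
import tarfile
from typing import Dict, List, Set, Tuple

# The two secret classes the study counts: PEM private keys and API secrets.
# Illustrative patterns only; a real scanner needs a much larger, tuned set.
SECRET_PATTERNS = {
    "pem_private_key": re.compile(rb"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"),
    "aws_access_key_id": re.compile(rb"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(rb"\bgh[pousr]_[A-Za-z0-9]{36}\b"),
}
MAX_FILE_BYTES = 1_000_000  # skip large blobs so a real image scan stays fast


def find_secret_types(data: bytes) -> List[str]:
    """Names of every pattern that matches somewhere in `data`."""
    return [name for name, rx in SECRET_PATTERNS.items() if rx.search(data)]


def whiteout_name(path: str) -> str:
    """The AUFS/OCI whiteout entry that a later layer uses to delete `path`."""
    head, _, base = path.rpartition("/")
    return f"{head}/.wh.{base}" if head else f".wh.{base}"


def scan_layer(layer_tar: bytes) -> Tuple[Dict[str, List[str]], Set[str]]:
    """Return ({path: [secret types]}, {whiteout entries}) for one layer tar."""
    hits: Dict[str, List[str]] = {}
    whiteouts: Set[str] = set()
    with tarfile.open(fileobj=io.BytesIO(layer_tar), mode="r:*") as tf:
        for member in tf:
            if member.name.rsplit("/", 1)[-1].startswith(".wh."):
                whiteouts.add(member.name)  # deletion marker, carries no content
                continue
            if not member.isfile() or member.size > MAX_FILE_BYTES:
                continue
            found = find_secret_types(tf.extractfile(member).read())
            if found:
                hits[member.name] = found
    return hits, whiteouts


def scan_image(image_tar: bytes) -> dict:
    """Scan ENV in the image config plus every layer listed in manifest.json.
    A secret that a later layer whites out is still reported: the bytes stay in
    the earlier layer and anyone who pulls the image can read them."""
    report: dict = {"env": [], "files": []}
    with tarfile.open(fileobj=io.BytesIO(image_tar), mode="r:*") as tf:
        manifest = json.load(tf.extractfile("manifest.json"))[0]
        config = json.load(tf.extractfile(manifest["Config"]))
        for entry in config.get("config", {}).get("Env") or []:
            found = find_secret_types(entry.encode())
            if found:
                report["env"].append({"var": entry.split("=", 1)[0], "types": found})
        layers = [(name, *scan_layer(tf.extractfile(name).read()))
                  for name in manifest["Layers"]]
    for i, (name, hits, _) in enumerate(layers):
        later_whiteouts: Set[str] = set().union(*(w for _, _, w in layers[i + 1:]))
        for path, types in hits.items():
            report["files"].append({
                "layer": name, "path": path, "types": types,
                "deleted_in_later_layer": whiteout_name(path) in later_whiteouts,
            })
    return report


def _tar_bytes(files: Dict[str, bytes]) -> bytes:
    """Build an uncompressed tar in memory from {name: content}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def build_sample_image() -> bytes:
    """Constructed `docker save` layout, not a real image: layer 1 COPYs an SSH
    key, layer 2 is the `RUN rm` that only adds a whiteout, and the config
    bakes an AWS access key id (the AWS docs placeholder) into ENV."""
    dummy_key = (b"-----BEGIN OPENSSH PRIVATE KEY-----\n"
                 b"ZHVtbXkga2V5IGJvZHkgZm9yIHRoaXMgZXhhbXBsZSBvbmx5\n"
                 b"-----END OPENSSH PRIVATE KEY-----\n")
    layer1 = _tar_bytes({"root/.ssh/id_rsa": dummy_key, "app/main.py": b"print('hi')\n"})
    layer2 = _tar_bytes({"root/.ssh/.wh.id_rsa": b""})
    config = {"config": {"Env": ["PATH=/usr/bin", "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE"]}}
    manifest = [{"Config": "config.json", "Layers": ["layer1/layer.tar", "layer2/layer.tar"]}]
    return _tar_bytes({
        "manifest.json": json.dumps(manifest).encode(),
        "config.json": json.dumps(config).encode(),
        "layer1/layer.tar": layer1,
        "layer2/layer.tar": layer2,
    })


if __name__ == "__main__":
    print(json.dumps(scan_image(build_sample_image()), indent=2))
```

To run it against a real image, export it with `docker save image:tag -o image.tar` and pass the file's bytes to `scan_image`. On the constructed sample the key in `root/.ssh/id_rsa` is reported from layer 1 with `deleted_in_later_layer` set, which is exactly the case a `docker run` inspection of the final filesystem would miss, and the `AWS_ACCESS_KEY_ID` value is reported from the config's `ENV` even though it never touches a layer at all. Anything this kind of scan finds in an already published image should be rotated, not just removed.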
For ethical reasons the researchers did not test the exposed API secrets against the services they belong to, so how many of those secrets are still live, and therefore how much of the risk is actually exploitable, remains unknown.