Cybersecurity researchers from Aqua have identified a significant risk of supply chain attacks due to publicly exposed Kubernetes configuration secrets. These encoded secrets, stored in public repositories, were discovered through the GitHub API, revealing vulnerabilities in top blockchain companies and various Fortune 500 firms.
The research revealed that out of 438 records potentially holding valid credentials, 46% contained such credentials, providing unauthorized access to registries. Alarmingly, almost half of the 93 passwords discovered were deemed weak, emphasizing the urgency of implementing stringent organizational password policies.
The exposure of Kubernetes configuration secrets poses a serious threat, as it allows attackers to access container image registries, potentially leading to supply chain compromises.
Aqua researchers found that the majority of the exposed credentials provided both pulling and pushing privileges, heightening the risk of unauthorized activities within registries. Furthermore, private container images were often discovered within these exposed registries, raising concerns about the integrity and security of sensitive data. The research highlighted the critical need for organizations to enforce robust password creation rules to prevent the use of vulnerable passwords that could be exploited by malicious actors.
Despite the alarming findings, there were some positive aspects identified in the research. Credentials associated with AWS and Google Container Registry were temporary and expired, rendering unauthorized access impossible. Additionally, the GitHub Container Registry required two-factor authentication (2FA), adding an extra layer of security against unauthorized entry.
However, the research underscored the importance of organizations promptly removing secrets from files committed to public repositories on GitHub to prevent inadvertent exposure and bolster overall cybersecurity measures.
