Cybersecurity researchers on Monday found misconfigurations across older versions of Apache Airflow instances belonging to a number of high-profile companies across various sectors, resulting in the exposure of sensitive credentials for popular platforms and services such as Amazon Web Services (AWS), Binance, Google Cloud Platform (GCP), PayPal, Slack, and Stripe.
“These unsecured instances expose sensitive information of companies across the media, finance, manufacturing, information technology (IT), biotech, e-commerce, health, energy, cybersecurity, and transportation industries,” Intezer said in a report shared with The Hacker News.
Initially released in June 2015, Apache Airflow is an open-source workflow management platform that enables programmatic scheduling and monitoring of workflows on AWS, GCP, Microsoft Azure, and other third-party services. It is also one of the most popular task orchestration tools, followed by Luigi, Kubeflow, and MLflow.
Some of the most common insecure coding practices uncovered by Intezer include the use of hard-coded database passwords in Python DAG code or variables, plaintext credentials in the “Extra” field of connections, and cleartext keys in configuration files (airflow.cfg).
Chief among the concerns associated with misconfigured Airflow instances is the exposure of credentials that could be abused by threat actors to gain access to accounts and databases, giving them the ability to spread laterally or cause data leakage. Such exposure can also lead to violations of data protection laws and give insight into an organization’s tools and packages, which could later be exploited to stage supply-chain attacks.
“If a large number of passwords are visible, a threat actor can also use this data to detect patterns and common words to infer other passwords,” Intezer researchers said. “These can be leveraged in dictionary or brute-force-style attacks against other platforms.”
Even more concerning is the possibility that malware could be launched on the exposed production environments by leveraging the Variables feature to modify the container image variables to point to a different image containing unauthorized code.
Apache Airflow, for its part, has remediated a lot of security issues with version 2.0.0, which was released in December 2020, making it essential that users of the software update to the latest version and adopt secure coding practices to prevent passwords from being exposed.
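An added example, not code from Intezer or the Apache Airflow project: a minimal audit for two of the practices described above, string literals bound to secret-looking names in DAG code and cleartext secrets in airflow.cfg. The name patterns, the sample DAG and config, and the `connect()` call are constructed assumptions.

```python
import ast
import configparser
import re

SECRET_NAME = re.compile(r"passw|secret|token|api_?key|fernet_key", re.I)
URL_WITH_PASSWORD = re.compile(r"^[a-z][a-z0-9+.\-]*://[^/\s:@]+:[^/\s@]+@", re.I)

def is_secret(name, value):
    return bool(value) and bool(SECRET_NAME.search(name) or URL_WITH_PASSWORD.match(value))

def scan_dag_source(source):
    """Return sorted (line, name) for string literals bound to secret-looking names."""
    findings = []
    for node in ast.walk(ast.parse(source)):  # parsed only, never executed
        pairs = []
        if isinstance(node, ast.Assign):
            pairs = [(t.id, node.value) for t in node.targets if isinstance(t, ast.Name)]
        elif isinstance(node, ast.Call):
            pairs = [(kw.arg, kw.value) for kw in node.keywords if kw.arg]
        for name, val in pairs:
            if isinstance(val, ast.Constant) and isinstance(val.value, str) \
                    and is_secret(name, val.value):
                findings.append((val.lineno, name))
    return sorted(findings)

def scan_airflow_cfg(text):
    """Return (section, option) pairs holding a cleartext secret ("_cmd" options skipped)."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    return [(section, option)
            for section in cfg.sections()
            for option, value in cfg.items(section)
            if not option.endswith("_cmd") and is_secret(option, value)]

# Constructed samples; credentials are placeholders and connect() is hypothetical.
SAMPLE_DAG = '''import os
db_password = "EXAMPLE-ONLY"
conn = connect(host="db.example.internal", user="etl", password="EXAMPLE-ONLY")
runtime_password = os.environ["DB_PASSWORD"]
'''
SAMPLE_CFG = '''[core]
sql_alchemy_conn = postgresql://airflow:EXAMPLE-ONLY@db.example.internal/airflow
fernet_key_cmd = cat /run/secrets/fernet_key
[webserver]
secret_key = EXAMPLE-ONLY
'''

if __name__ == "__main__":
    print(scan_dag_source(SAMPLE_DAG), scan_airflow_cfg(SAMPLE_CFG))
```

The password read from the environment at run time and the `fernet_key_cmd` option are not reported, because neither stores the secret in the file being scanned.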