Home Security Credentials and API Keys Leaking Online

Credentials and API Keys Leaking Online

by


Dec 12, 2024Ravie LakshmananVulnerability / Cloud Security

Cybersecurity researchers are warning that thousands of servers hosting the Prometheus monitoring and alerting toolkit are at risk of information leakage and exposure to denial-of-service (DoS) as well as remote code execution (RCE) attacks.

“Prometheus servers or exporters, often lacking proper authentication, allowed attackers to easily gather sensitive information, such as credentials and API keys,” Aqua security researchers Yakir Kadkoda and Assaf Morag said in a new report shared with The Hacker News.

The cloud security firm also said that the exposure of the “/debug/pprof” endpoints used for determining heap memory usage, CPU usage, and others, could serve as a vector for DoS attacks, rendering the servers inoperable.

Cybersecurity

As many as 296,000 Prometheus Node Exporter instances and 40,300 Prometheus servers have been estimated to be publicly accessible over the internet, making them a huge attack surface that could put data and services at risk.

The fact that sensitive information, such as credentials, passwords, authentication tokens, and API keys, could be leaked through internet-exposed Prometheus servers has been documented previously by JFrog in 2021 and Sysdig in 2022.

“Unauthenticated Prometheus servers enable direct querying of internal data, potentially exposing secrets that attackers can exploit to gain an initial foothold in various organizations,” the researchers said.

In addition, it has been found that the “/metrics” endpoint can not only reveal internal API endpoints, but also data about subdomains, Docker registries, and images — all valuable information for an attacker conducting reconnaissance and looking to expand their reach within the network.

That’s not all. An adversary could send multiple simultaneous requests to endpoints like “/debug/pprof/heap” to trigger CPU and memory-intensive heap profiling tasks that can overwhelm the servers and cause them to crash.

Aqua further called out a supply chain threat that involves using repojacking techniques to leverage the name associated with deleted or renamed GitHub repositories and introduce malicious third-party exporters.

Cybersecurity

Specifically, it discovered that eight exporters listed in Prometheus’ official documentation are vulnerable to RepoJacking, thereby allowing an attacker to recreate an exporter with the same name and host a rogue version. These issues have since been addressed by the Prometheus security team as of September 2024.

“Unsuspecting users following the documentation could unknowingly clone and deploy this malicious exporter, leading to remote code execution on their systems,” the researchers said.

Organizations are recommended to secure Prometheus servers and exporters with adequate authentication methods, limit public exposure, monitor “/debug/pprof” endpoints for any signs of anomalous activity, and take steps to avoid RepoJacking attacks.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex