Cybersecurity researchers on Monday discovered misconfigurations across older versions of Apache Airflow instances belonging to a number of high-profile companies across various sectors, resulting in the exposure of sensitive credentials for popular platforms and services such as Amazon Web Services (AWS), Binance, Google Cloud Platform (GCP), PayPal, Slack, and Stripe.
“These unsecured instances expose sensitive information of companies across the media, finance, manufacturing, information technology (IT), biotech, e-commerce, health, energy, cybersecurity, and transportation industries,” Intezer said in a report shared with The Hacker News.
Initially released in June 2015, Apache Airflow is an open-source workflow management platform that enables programmatic scheduling and monitoring of workflows on AWS, GCP, Microsoft Azure, and other third-party services. It is also one of the most popular task orchestration tools, followed by Luigi, Kubeflow, and MLflow.
Some of the most common insecure coding practices uncovered by Intezer include the use of hard-coded database passwords in Python DAG code or variables, plaintext credentials in the “Extra” field of connections, and cleartext keys in configuration files (airflow.cfg).
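A defender-side audit for two of the practices listed above, hard-coded credentials in DAG code and cleartext keys in airflow.cfg, as an added example that is not from Intezer's report or the Airflow project. The function names, the name heuristic, and the sample DAG and config are constructed for illustration.

```python
import ast
import configparser
import re

# Constructed sample inputs (not taken from any real deployment).
SAMPLE_DAG = '''
import os
DB_PASSWORD = "example-not-a-real-password"
api_token = os.environ["API_TOKEN"]
conn = connect(host="db.internal.example", password="example-not-a-real-password")
'''
SAMPLE_CFG = '''
[core]
sql_alchemy_conn = postgresql://airflow:example-pw@db.internal.example/airflow
fernet_key_cmd = cat /run/secrets/fernet_key
[webserver]
secret_key = EXAMPLE-PLACEHOLDER-KEY
'''

# Heuristic name pattern; CFG_KEYS are options better supplied via a *_cmd variant.
SENSITIVE = re.compile(r"pass(word|wd)?|secret|token|api_?key", re.I)
CFG_KEYS = {"fernet_key", "secret_key", "sql_alchemy_conn", "broker_url", "result_backend"}
URL_WITH_PASSWORD = re.compile(r"://[^/@:]+:[^/@]+@")


def scan_dag(source):
    """Return (line, name) for string literals bound to credential-like names."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        pairs = []
        if isinstance(node, ast.Assign):
            pairs = [(t.id, node.value) for t in node.targets if isinstance(t, ast.Name)]
        elif isinstance(node, ast.Call):
            pairs = [(k.arg, k.value) for k in node.keywords if k.arg]
        for name, value in pairs:
            if (SENSITIVE.search(name) and isinstance(value, ast.Constant)
                    and isinstance(value.value, str) and value.value):
                hits.append((value.lineno, name))
    return sorted(hits)


def scan_cfg(text):
    """Return section.key for sensitive options stored as literal values."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    # A literal counts unless it is a URL with no embedded user:password@ part.
    return [f"{sec}.{key}" for sec in cfg.sections() for key, val in cfg.items(sec)
            if key in CFG_KEYS and val
            and ("://" not in val or URL_WITH_PASSWORD.search(val))]
```

The DAG scan parses source with `ast` and never imports or executes it, so it can be run over untrusted DAG folders in CI.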
Chief among the concerns associated with misconfigured Airflow instances is the exposure of credentials that could be abused by threat actors to gain access to accounts and databases, giving them the ability to spread laterally or cause data leakage, not to mention violating data protection laws and giving insight into an organization’s tools and packages, which could later be exploited to stage supply-chain attacks.
“If a lot of passwords are seen, a threat actor can also use this data to detect patterns and common phrases to deduce other passwords,” Intezer researchers said. “These might be leveraged in dictionary or brute-force-style attacks against other platforms.”
Even more concerning is the possibility that malware could be launched on the exposed production environments by leveraging the Variables feature to modify the container image variables to point to a different image containing unauthorized code.
Apache Airflow, for its part, has remediated a lot of security issues with version 2.0.0, which was released in December 2020, making it essential that users of the software update to the latest version and adopt secure coding practices to prevent passwords from being exposed.