Remember the Memcached servers? Now we have another case of servers exposed online and serving the evil intentions of hackers. This time, hundreds of etcd servers maintained by corporations and organizations are spitting out sensitive passwords and encrypted keys, allowing anybody to gain access to critical data.
Security researcher Giovanni Collazo was able to harvest 8781 passwords, 650 AWS access keys, 23 secret keys, and 8 private keys.
First, he ran a query on the hacker search engine Shodan that returned around 2300 servers running the etcd database. Then he ran a simple script that pulled the login credentials stored on those servers, which could be used to gain access to CMSs, MySQL and PostgreSQL databases, and so on.
etcd is a database used by computing clusters to store and exchange passwords and configuration settings between servers and applications over the network. With the default settings, its programming interface returns administrative login credentials without requiring any authentication first.
Collazo said that he didn't test the credentials, but the scary part is that at least a few of them should work. A determined person with a few spare minutes could obtain a list of hundreds of database credentials and do whatever he wants with them, such as stealing data or carrying out ransomware attacks.
All the data he harvested from around 1500 servers is around 750MB in size. Another researcher, Troy Mursch, independently verified Collazo's findings. He posted an image that showed how careless security practice was taken to another level: a MySQL database simply required "1234" as the password to gain root access.
It really is as simple as http://<IP address of etcd instance>:2379/v2/keys/?recursive=true
Here's an example MySQL password found: pic.twitter.com/F3cyWj19P8
— Bad Packets Report (@bad_packets) March 18, 2018
Collazo advises that anyone maintaining etcd servers should enable authentication, set up a firewall, and take other security measures. This would prevent random people from reading from and writing to the server.
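Before locking an etcd node down, an operator will want to know what is actually sitting in it. The script below is an added example, not Collazo's script or anything from the etcd project: it walks the nested node tree that the v2 `/v2/keys/?recursive=true` endpoint returns and flags leaves that look like credentials (password-named keys, AWS key formats, PEM private keys). The response it parses is a constructed sample shaped like the real API output, so it runs offline.

```python
import json
import re

# Constructed sample of an etcd v2 "/v2/keys/?recursive=true" response,
# mimicking the API's nested node tree (not data from the article).
SAMPLE_RESPONSE = json.dumps({
    "action": "get",
    "node": {"dir": True, "nodes": [
        {"key": "/app/db/password", "value": "1234"},
        {"key": "/app/aws", "dir": True, "nodes": [
            {"key": "/app/aws/access_key_id", "value": "AKIAEXAMPLEEXAMPLE00"},
            {"key": "/app/aws/secret_access_key",
             "value": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"},
        ]},
        {"key": "/app/tls/server.key",
         "value": "-----BEGIN RSA PRIVATE KEY-----\nMIIE...\n-----END RSA PRIVATE KEY-----"},
        {"key": "/app/feature_flags", "value": "dark_mode=on"},
    ]},
})

# Triage rules: (label, matcher over key name and value). Heuristic, not exhaustive.
RULES = [
    ("password in key name",
     lambda k, v: "password" in k.lower() or "passwd" in k.lower()),
    ("AWS access key ID",
     lambda k, v: re.fullmatch(r"AKIA[0-9A-Z]{16}", v) is not None),
    ("AWS secret key",
     lambda k, v: "secret" in k.lower() and re.fullmatch(r"[A-Za-z0-9/+=]{40}", v) is not None),
    ("PEM private key",
     lambda k, v: "-----BEGIN" in v and "PRIVATE KEY-----" in v),
]

def walk(node):
    """Yield (key, value) for every leaf in an etcd v2 node tree."""
    if node.get("dir"):
        for child in node.get("nodes", []):
            yield from walk(child)
    elif "value" in node:
        yield node["key"], node["value"]

def find_secrets(response_json):
    """Return [(key, label)] for leaves that look like stored credentials."""
    findings = []
    for key, value in walk(json.loads(response_json)["node"]):
        for label, match in RULES:
            if match(key, value):
                findings.append((key, label))
                break  # one label per key is enough for triage
    return findings

if __name__ == "__main__":
    for key, label in find_secrets(SAMPLE_RESPONSE):
        print(f"{key}: {label}")
```

Feed it the JSON fetched from your own node on the loopback interface and rotate whatever it flags; the fix the article points to is enabling etcd authentication (in the v2 API, `etcdctl user add root` followed by `etcdctl auth enable`) and firewalling port 2379.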