UPDATED 20:39 EDT / OCTOBER 04 2021


Misconfigured older Apache Airflow installations found leaking credentials

Security researchers at cybersecurity firm Intezer Labs Ltd. have uncovered misconfigurations in older versions of Apache Airflow that expose sensitive information across major companies.

The researchers said today they found that the unsecured instances expose sensitive information of companies across the media, finance, manufacturing, information technology, biotech, e-commerce, health, energy, cybersecurity and transportation industries.

Apache Airflow is an open-source workflow management platform that Airbnb Inc. first designed in 2014 to manage the company’s workflows. The service offers a plug-and-play platform for data engineers to visualize data pipeline dependencies, progress, logs, code, trigger tasks and success status.

The service has become popular, and therein lies the problem with the misconfiguration of older versions used by many companies. The misconfiguration can be found in Amazon Web Services Inc., Google Cloud Platform, Stripe Inc., PayPal Holdings Inc., Binance Ltd. and Slack Inc., among others.

The researchers noted that exposing secrets such as user credentials can cause data leakage or allow attackers to spread further in a system. Customer data exposed as a result of a data leak can lead to a violation of data protection laws and the possibility of legal action.

“This leak is extremely significant,” Jake Williams, co-founder and chief technology officer at incident response company BreachQuest Inc., told SiliconANGLE. “Unlike more traditional credential leaks that impact individual user accounts, these credential leaks impact entire application framework instances.”

Threat actors might use leaked credentials to compromise entire databases containing sensitive user content, Williams explained. “In some cases, threat actors might be able to use these credentials to compromise entire application containers and/or run their own containers using a victim’s billing information,” he said. “In short, while user information wasn’t directly compromised through these leaks, they open the door to compromises of user data in massive quantities.”

Hank Schless, senior manager, security solutions at endpoint-to-cloud security company Lookout Inc., noted that the incident is concerning because of the number and variety of cloud services that Airflow supports. “As one of the most popular open-source solutions in the world, the effects of the incident are far-reaching,” he said.
