UPDATED 20:39 EDT / OCTOBER 04 2021

SECURITY

Misconfigured older Apache Airflow installations found leaking credentials

Security researchers at cybersecurity firm Intezer Labs Ltd. have uncovered misconfigurations in older versions of Apache Airflow that expose sensitive information across major companies.

The researchers said today they found that the unsecured instances expose sensitive information of companies across the media, finance, manufacturing, information technology, biotech, e-commerce, health, energy, cybersecurity and transportation industries.

Apache Airflow is an open-source workflow management platform that Airbnb Inc. first designed in 2014 to manage the company’s workflows. It offers a plug-and-play platform that lets data engineers visualize data pipeline dependencies, progress, logs, code, task triggers and success status.

The service has become popular, and therein lies the problem with the misconfiguration of older versions used by many companies. The misconfiguration can be found in Amazon Web Services Inc., Google Cloud Platform, Stripe Inc., PayPal Holdings Inc., Binance Ltd. and Slack Inc., among others.

The researchers noted that exposing secrets such as user credentials can cause data leakage or allow attackers to spread further in a system. Customer data exposed as a result of a data leak can lead to a violation of data protection laws and the possibility of legal action.

“This leak is extremely significant,” Jake Williams, co-founder and chief technology officer at incident response company BreachQuest Inc., told SiliconANGLE. “Unlike more traditional credential leaks that impact individual user accounts, these credential leaks impact entire application framework instances.”

Threat actors might use leaked credentials to compromise entire databases containing sensitive user content, Williams explained. “In some cases, threat actors might be able to use these credentials to compromise entire application containers and/or run their own containers using a victim’s billing information,” he said. “In short, while user information wasn’t directly compromised through these leaks, they open the door to compromises of user data in massive quantities.”

Hank Schless, senior manager, security solutions at endpoint-to-cloud security company Lookout Inc., noted that the incident is concerning because of the number and variety of cloud services that Airflow supports. “As one of the most popular open-source solutions in the world, the effects of the incident are far-reaching,” he said.
