Root Account Misconfiguration Potentially Exposes 19% of the Top 1,000 Containers in Docker Hub
Roughly 19% of the top 1,000 most popular containers on the Docker Hub portal are misconfigured, leaving them vulnerable to attacks given specific conditions. This was discovered after Jerry Gamblin of Kenna Security pulled the top 1,000 containers on Docker Hub and found 194 active root accounts that lacked passwords.
Although the lack of a password does not automatically mean that the containers themselves are open to abuse, configuration-based vulnerabilities can potentially be exploited in certain cases, as with the Alpine Linux vulnerability, whose successful exploitation researchers from Cisco noted is environment-dependent.
In that specific scenario, the vulnerability could only be exploited if an exposed app implements Linux Pluggable Authentication Modules (PAM) or other tools that use /etc/shadow for authentication.
The list of containers that are potentially vulnerable, which includes containers from major organizations such as Microsoft and the U.K. government, has been published on GitHub, with the most popular container on the list, kylemanna/openvpn, having over 10,000,000 pulls.
The perils of misconfiguration
It might seem unusual that containers are still susceptible to such a seemingly simple misconfiguration; however, a large number of container-based incidents happen because of it. Fortunately, organizations can prevent a large number of container threats by implementing basic best practices.
- Updating machines regularly minimizes the chance that vulnerabilities affecting containers are exploited.
- Running containers with root privileges should be avoided as much as possible. Running containers as unprivileged application users can help protect machines from attacks.
- Ensuring that containers are properly configured prevents a large number of abuses from occurring. This includes implementing effective user credentials (in this case, setting up passwords). Docker has its own set of guidelines that can help users configure their containers and hubs.
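The misconfiguration described above is visible in a container image's /etc/shadow: an empty second field means the account can be used without a password, while a hash, or a lock marker such as "!" or "*", means it cannot. The following POSIX shell script is an added example written for this article, not code from the researcher or from Docker; it parses a shadow-format file, lists passwordless accounts, and gives a verdict on root. The sample shadow files it writes are constructed for demonstration and are not the contents of any real image. To check a real image, copy its /etc/shadow out first, for example with `docker run --rm --entrypoint cat <image> /etc/shadow > shadow.txt`, and pass that file to `assess_shadow`.

```shell
#!/bin/sh
# Added example: detect accounts with an empty password field in a shadow(5)-format file.
# Field layout is name:password:lastchange:min:max:warn:inactive:expire:reserved.
# An empty password field (as in the Alpine issue the article cites) permits
# password-less login wherever the system authenticates against /etc/shadow.

# Print the name of every account whose password field is empty.
passwordless_accounts() {
    # -F: splits on ':'; $2 == "" is exactly the dangerous case. Locked ("!", "*")
    # and hashed ("$6$...") accounts are not reported.
    awk -F: 'NF >= 2 && $2 == "" { print $1 }' "$1"
}

# Return 0 (true) if root specifically has an empty password field, 1 otherwise.
root_is_passwordless() {
    passwordless_accounts "$1" | grep -qx root
}

# One-line verdict for a shadow file; exit status 0 means the root account is safe.
assess_shadow() {
    if root_is_passwordless "$1"; then
        echo "VULNERABLE: root has an empty password field in $1"
        return 1
    fi
    echo "OK: root is locked or has a password hash in $1"
    return 0
}

# Write two constructed sample shadow files: a misconfigured one ($1) where root is
# passwordless, and a remediated one ($2) where root is locked with "!" (the result of
# `passwd -l root`). Hash and dates are placeholders, not real values.
write_samples() {
    cat > "$1" <<'EOF'
root::18500:0:99999:7:::
bin:*:18500:0:99999:7:::
app:$6$saltsalt$placeholderhash:18500:0:99999:7:::
EOF
    cat > "$2" <<'EOF'
root:!:18500:0:99999:7:::
bin:*:18500:0:99999:7:::
app:$6$saltsalt$placeholderhash:18500:0:99999:7:::
EOF
}

# Stand-alone demonstration on the constructed samples.
demo_dir=$(mktemp -d)
write_samples "$demo_dir/shadow.misconfigured" "$demo_dir/shadow.fixed"
echo "Passwordless accounts in misconfigured sample: $(passwordless_accounts "$demo_dir/shadow.misconfigured")"
assess_shadow "$demo_dir/shadow.misconfigured"
assess_shadow "$demo_dir/shadow.fixed"
rm -rf "$demo_dir"
```

The remediation side is equally short: in the Dockerfile, lock root with `RUN passwd -l root` (or set a real password where one is genuinely needed) and add a `USER` instruction so the application does not run as root at all, which addresses the second and third bullet points above in one step.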
Trend Micro Solutions
Trend Micro helps DevOps teams to build securely, ship fast, and run anywhere. The Trend Micro™ Hybrid Cloud Security solution provides powerful, streamlined, and automated security within the organization's development pipeline for runtime physical, virtual, and cloud workloads via XGen™ threat defense technology. It also adds protection for containers via the Deep Security™ platform and Deep Security Smart Check, providing vulnerability assessment and malware detection through fully automated preruntime scanning of Docker container images at the registry. This shifts security earlier in the development life cycle for comprehensive protection even prior to deployment.