Security Experts:

Connect with us

Hi, what are you looking for?


Cloud Security

Misconfigured Docker Registries Expose Thousands of Repositories

Thousands of code repositories were found exposed in over one hundred Docker registries that are accessible from the Internet without authentication, Palo Alto Network reports. 

Thousands of code repositories were found exposed in over one hundred Docker registries that are accessible from the Internet without authentication, Palo Alto Network reports. 

Containing critical business data such as application source code and historical versions, these registries could put an organization’s entire cloud infrastructure at risk. Exposure could result in stolen proprietary intellectual property, hijacked operation critical data, or malicious code being injected. 

Docker registries are servers where Docker images are stored and organized into repositories, with each repo containing images of one application and multiple versions of the application, each with a unique tag. Docker registries include support for three primary operations: pushing, pulling, and deleting images.

Of 941 Docker registries found to be exposed to the Internet, 117 do not require authentication, Palo Alto Networks’ security researchers say. Of the misconfigured registries, 80 allow the pull operation, 92 the push operation, and 7 the delete operation.

With some of these registries containing over 50 repositories and 100 tags, the security researchers identified a total of 2,956 applications and 15,887 application versions exposed. 

The security researchers managed to attribute a quarter of the unsecured registries through reverse DNS lookup or cnames in the TLS certificates (without accessing the exposed images). The registries belong to research institutes, retailers, news media organizations, and technology companies. 

“With all the source code and historical tags, malicious actors can design tailored exploits to compromise the systems. If the push operation is allowed, benign application images may be replaced with images with backdoors. These registries may also be used for hosting malware. If the delete operation is allowed, hackers could encrypt or delete the images and ask for ransom,” they note note in a blog post

The issue, Palo Alto Networks says, has broader implications, as each registry is typically accessed by multiple clients, meaning that all the clients that pull and run images become vulnerable to compromise. 

Setting up a Docker registry server is straightforward, but extra configurations are required to ensure communications are secured and access control is enforced. However, without proper access control, registry services exposed to the Internet become a risk. 

Most cloud service providers, the network security firm points out, offer managed registry services, and customers also get additional features when choosing cloud-based registries, including a GUI user interface, vulnerability scanning, and integrated access control, to simplify registry management. 

“A misconfigured Docker registry could leak confidential data, lead to a full-scale compromise, and interrupt the business operations. The remediation strategy for this particular misconfiguration is straightforward, such as adding a firewall rule to prevent the registry from being accessed from the internet and enforcing authentication header in all the API requests,” Palo Alto concludes. 

Related: ‘Graboid’ Crypto-Jacking Worm Targets Docker Hosts

Related: JIRA Misconfiguration Leaks Data of Fortune 500 Companies

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.

Cloud Security

Orca Security published details on four server-side request forgery (SSRF) vulnerabilities impacting different Azure services.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Cloud Security

Cloud Disaster Recovery - Ingredients for a Recipe that Saves Money and Offers a Safe, More Secure Situation with Greater Accessibility