Vast number of servers are leaking huge amounts of passwords and keys

Thousands of servers operated by businesses and other organizations are openly sharing credentials that may allow anyone on the Internet to log in and read or modify potentially sensitive data stored online.

In a blog post published late last week, researcher Giovanni Collazo said a quick query on the Shodan search engine returned almost 2,300 Internet-exposed servers running etcd, a type of database that computing clusters and other types of networks use to store and distribute passwords and configuration settings needed by various servers and applications. etcd comes with a programming interface that responds to simple queries that by default return administrative login credentials without first requiring authentication. The passwords, encryption keys, and other forms of credentials are used to access MySQL and PostgreSQL databases, content management systems, and other types of production servers.

Collazo said he wrote a simple script that ran through the 2,284 etcd servers found in his Shodan search. Using the query GET http://:2379/v2/keys/?recursive=true, the script was designed to return all credentials stored on the servers in a format that would be easy for hackers to use. Collazo stopped the script after it collected about 750 megabytes of data from almost 1,500 of the servers. The haul included:

  • 8,781 passwords
  • 650 Amazon Web Services access keys
  • 23 secret keys
  • 8 private keys
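To see what such a recursive v2 query hands back and how an operator auditing their own etcd can turn it into a rotation list without copying the secret values around, here is an added example (not Collazo's script or any code from the original post). It walks a constructed sample of the nested `node`/`nodes` JSON that the etcd v2 keys API returns, flags key paths whose names suggest credentials, and classifies the HTTP status an unauthenticated request received; the sample data and the name patterns are assumptions.

```python
import json
import re
from typing import Dict, Iterator, List

# Constructed sample of a "GET /v2/keys/?recursive=true" response body.
# The shape (nested "node"/"nodes" entries with "key", "dir", "value")
# follows the etcd v2 keys API; the keys and values are made up.
SAMPLE_RESPONSE = json.dumps({
    "action": "get",
    "node": {"dir": True, "nodes": [
        {"key": "/config/app/port", "value": "8080"},
        {"key": "/config/app/db", "dir": True, "nodes": [
            {"key": "/config/app/db/password", "value": "hunter2"},
            {"key": "/config/app/db/host", "value": "db.internal"},
        ]},
        {"key": "/aws/access_key_id", "value": "AKIA_PLACEHOLDER"},
        {"key": "/tls/server.key", "value": "-----BEGIN RSA PRIVATE KEY-----\n..."},
    ]},
})

# Assumed naming patterns for credential-like keys; tune to your own layout.
SENSITIVE = re.compile(r"(password|passwd|secret|private|access_key|token|\.key$)", re.I)

def walk(node: dict) -> Iterator[dict]:
    """Yield every leaf (non-directory) node of an etcd v2 tree, depth first."""
    if node.get("dir"):
        for child in node.get("nodes", []):
            yield from walk(child)
    else:
        yield node

def inventory(body: str) -> List[Dict[str, object]]:
    """List credential-looking keys with only the value length, never the value,
    so the output can be shared as a rotation checklist."""
    root = json.loads(body)["node"]
    return [{"key": leaf["key"], "length": len(leaf.get("value", ""))}
            for leaf in walk(root) if SENSITIVE.search(leaf["key"])]

def exposure_state(status: int) -> str:
    """Classify what an unauthenticated GET /v2/keys/ received.
    200 means the whole store is readable by anyone who can reach port 2379;
    401 means etcd auth is enabled and the request was refused."""
    return {200: "EXPOSED", 401: "AUTH_REQUIRED"}.get(status, "UNKNOWN")
```

Running `inventory(SAMPLE_RESPONSE)` on the sample yields the three credential paths (the DB password, the AWS access key and the TLS private key) and leaves the port and hostname entries out.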

As demonstrated by Collazo, the main theme here is securing a SQL server with encryption or, at the very least, a stronger firewall. Code reviews of web sites that store this information are also part of the problem. The solution is to validate the web site or application that has access to vast amounts of extremely important information.

Baron Software offers that type of solution, using our DBA staff members to review and plug the holes.