Cybersecurity researchers on Monday discovered configuration errors in older versions of Apache Airflow instances owned by a number of leading companies in various industries, leading to the exposure of sensitive credentials for popular platforms and services like Amazon Web Services (AWS), Binance, Google Cloud Platform (GCP), PayPal, Slack, and Stripe.
“These insecure instances expose sensitive information from companies in the media, finance, manufacturing, information technology (IT), biotechnology, e-commerce, healthcare, energy, cybersecurity and transportation,” Intezer said in a report shared with The Hacker News.
Originally released in June 2015, Apache Airflow is an open source workflow management platform that enables programmatic planning and monitoring of workflows on AWS, GCP, Microsoft Azure, and other third-party services. It’s also one of the most popular task orchestration tools, followed by Luigi, Kubeflow, and MLflow.
Some of the more common insecure coding practices discovered by Intezer include hard-coded database passwords in Python DAG code or variables, plain-text credentials in the “Extra” field of connections, and keys in clear text in the configuration file (airflow.cfg).
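The practices listed above can be checked for before an instance is exposed. The following is an added example, not code from Intezer's report or the Airflow project: a small audit that flags clear-text secrets in `airflow.cfg` text and string literals bound to secret-looking names in DAG source. The name heuristics, function names and sample values are assumptions constructed for illustration.

```python
import ast
import configparser
import re

# Heuristics for this example (assumptions, not an Airflow-defined list).
SECRET_NAME = re.compile(r"passw|secret|token|api_?key|fernet_key", re.I)
URL_PASSWORD = re.compile(r"://[^/@\s]*:[^/@\s]+@")  # scheme://user:password@host

def audit_cfg(text):
    """Return (section, key) pairs in airflow.cfg text that hold a clear-text secret."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    return [(s, k) for s in cfg.sections() for k, v in cfg.items(s)
            if v and not k.endswith(("_cmd", "_secret"))  # value is fetched indirectly
            and (SECRET_NAME.search(k) or URL_PASSWORD.search(v))]

def audit_dag(source):
    """Return (line, name) for string literals bound to secret-looking names in DAG code."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Assign):
            names = [t.id for t in node.targets if isinstance(t, ast.Name)]
        elif isinstance(node, ast.keyword) and node.arg:
            names = [node.arg]
        else:
            continue
        lit = node.value
        if isinstance(lit, ast.Constant) and isinstance(lit.value, str) and lit.value:
            hits += [(lit.lineno, n) for n in names if SECRET_NAME.search(n)]
    return sorted(hits)

# Constructed sample inputs; none of these values come from the report.
SAMPLE_CFG = """\
[core]
sql_alchemy_conn = postgresql+psycopg2://airflow:Sup3rS3cret@db:5432/airflow
fernet_key_cmd = cat /run/secrets/fernet_key
[smtp]
smtp_password = hunter2
[webserver]
secret_key = CONSTRUCTED-NOT-A-REAL-KEY
"""
SAMPLE_DAG = '''\
db_password = "Sup3rS3cret"
api_token = Variable.get("api_token")
conn = connect(host="db", user="etl", password="Sup3rS3cret")
'''

if __name__ == "__main__":
    print(audit_cfg(SAMPLE_CFG), audit_dag(SAMPLE_DAG))
```

The `fernet_key_cmd` entry and the `Variable.get(...)` lookup are not flagged because neither places the secret itself in the file.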
One of the main concerns associated with improperly configured Airflow instances is the exposure of credentials that malicious actors could misuse to gain access to accounts and databases, giving them the ability to move laterally or cause a data breach, not to mention breach data protection laws and provide insight into an organization’s tools and packages, which could then be leveraged to stage supply chain attacks.
“If a large number of passwords are visible, a malicious actor can also use this data to detect patterns and common words to infer other passwords,” said Intezer researchers. “These can be exploited in dictionary or brute force attacks against other platforms.”
Of even greater concern is the possibility that malware could be launched on exposed production environments by taking advantage of the Variables feature to modify container image variables so that they point to a different image containing unauthorized code.
Apache Airflow, for its part, addressed many security issues with version 2.0.0 released in December 2020, making it essential that users of the software update to the latest version and adopt secure coding practices to prevent the exposure of passwords.