Misconfigured Docker Registries Expose Orgs To Critical Risks
In particular, we looked at Docker registries exposed by misconfigured network access control. These registries contain application source code and historical versions. When they leak, proprietary intellectual property can be stolen, malicious code can be injected, and operation-critical data can be hijacked. We identified 2,956 exposed applications and 15,887 unique versions of those applications. The owners of these unsecured registries include research institutes, retailers, news media organizations, and technology companies.
Although setting up a Docker registry server is straightforward, securing the communication and enforcing access control require extra configuration. System administrators may unintentionally expose a registry service to the internet without enforcing proper access control. In this research, we are interested in finding these "misconfigured" registries and exploring the leaked data. Note that we collected only the metadata and did not attempt to access the file content.
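The two gaps named above (no access control, unsecured communication) can be checked in a registry's own `config.yml` before it is deployed. The following is an added example, not code from the research: `audit_registry_config` and the sample configs are hypothetical, the config is assumed to be already parsed into a dict, and the registry is assumed to terminate TLS and authentication itself rather than behind a reverse proxy.

```python
# Added example: audit a parsed Docker registry config.yml (as a dict).
REAL_AUTH = {"htpasswd", "token"}  # providers that actually verify credentials
ALL_IFACES = {"", "0.0.0.0", "[::]"}  # host part of ":5000", "0.0.0.0:5000", "[::]:5000"


def audit_registry_config(cfg):
    """Return a list of (code, message) findings; empty means no gap found."""
    findings = []
    auth = cfg.get("auth") or {}
    http = cfg.get("http") or {}

    # Access control: no provider at all, or only the development-only "silly" one.
    if not auth:
        findings.append(("no-auth", "no auth section: any client that reaches the port is accepted"))
    elif not set(auth) & REAL_AUTH:
        findings.append(("weak-auth", "auth provider is not htpasswd or token"))

    # Secure communication: a certificate/key pair or Let's Encrypt must be set.
    tls = http.get("tls") or {}
    if not ((tls.get("certificate") and tls.get("key")) or tls.get("letsencrypt")):
        findings.append(("no-tls", "http.tls not configured: traffic and credentials travel in clear text"))

    # Network exposure is reported only when one of the gaps above exists.
    addr = http.get("addr")
    if findings and addr is not None and str(addr).rsplit(":", 1)[0] in ALL_IFACES:
        findings.append(("open-bind", f"http.addr {addr!r} listens on every interface"))
    return findings


def codes(cfg):
    """Finding codes only, in the order they were raised."""
    return [code for code, _ in audit_registry_config(cfg)]


# Constructed sample configs (paths, realm and service names are placeholders).
EXPOSED = {"version": 0.1, "http": {"addr": ":5000"}}
SILLY = {"auth": {"silly": {"realm": "r", "service": "s"}},
         "http": {"addr": "127.0.0.1:5000"}}
HARDENED = {
    "auth": {"htpasswd": {"realm": "Registry Realm", "path": "/auth/htpasswd"}},
    "http": {"addr": ":5000",
             "tls": {"certificate": "/certs/domain.crt", "key": "/certs/domain.key"}},
}

if __name__ == "__main__":
    for name, cfg in (("exposed", EXPOSED), ("silly", SILLY), ("hardened", HARDENED)):
        print(name, codes(cfg))
```

With a real file, the dict would come from a YAML loader such as `yaml.safe_load`; a finding-free result says nothing about firewall or security-group rules, which still need their own review.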
Since Kafka serves as a data hub and central processing system for mission-critical data, an exposed cluster puts every facet of the organization at risk. A cluster exposed through Kafdrop can also be managed, which means hackers can do damage beyond exfiltrating data, such as dropping a cluster, deleting topics, and more.