Kubernetes console

The admin consoles of over 22,000 container orchestration and API management systems are currently exposed online, according to a report published on Monday by Lacework, a company specialized in cloud security.

In its report, the company analyzed the breadth of the problem of cloud management systems left exposed online, focusing on container orchestration systems such as Kubernetes, Docker Swarm, Mesos Marathon, Red Hat OpenShift, Portainer.IO, and Swarmpit.

These are web-based administration panels that system administrators in small and large companies alike use to manage container-based cloud infrastructure inside their companies.

By default, these systems don’t need to be exposed online, unless a company has staff spread across large geographical areas who need access to these systems to manage their infrastructure.

Companies carelessly leave container consoles exposed online

But Lacework researchers warn that many of these systems aren’t properly secured behind firewalls or restricted to virtual private networks (VPNs), meaning anyone can find them with basic pen-testing tools or with IoT search engines like Shodan.

“Although the vast majority of these management interfaces have credentials set up, there is little reason why they should be world-accessible and are far more vulnerable than they should be,” Lacework says.

“These nodes are essentially openings to these organizations’ cloud environments to anyone with basic skills at searching the web,” the company added. “These organizations, and the others who will replicate their mistakes, are opening themselves up to brute force password and…