"Misconfigured Apache Airflow Platforms Threaten Organizations"

The security vendor Intezer has discovered that many organizations using the open-source Apache Airflow platform may be exposing credentials and other sensitive data to the Internet due to the way in which they use the technology. Many organizations use the Apache Airflow platform for workflow scheduling and management. Intezer's security researchers found several misconfigured Airflow instances exposing sensitive information belonging to organizations in manufacturing, media, financial services, information technology, health, and other industries. This information includes user credentials for cloud hosting services, payment processors, and social media platforms, such as Slack, AWS, and PayPal. According to Intezer, some of the data exposed via misconfigured Airflow instances could be used by threat actors to gain access to enterprise networks or launch malware in production environments and on the Apache Airflow platform itself. One of the Intezer researchers pointed out how easy it is to find exposed instances, saying that all a threat actor has to do is scan IP addresses and check them for the expected HTML file. However, the act of exploitation to run code is difficult and requires the threat actor to have a more in-depth understanding of each platform. Although Airflow provides multiple options for using it securely, organizations can put data at risk by how they use the platform. For example, the researchers found that the most common cause for credential leaks in Airflow is insecure coding. They discovered multiple Airflow instances where passwords had been hardcoded in the Python code for organizing tasks or in a feature that lets a user define a variable value. This article continues to discuss the discovery of misconfigured Airflow instances, the use of Apache Airflow by organizations, and other ways in which users can put enterprise data at risk via the insecure use of this platform.

Dark Reading reports "Misconfigured Apache Airflow Platforms Threaten Organizations"  

Submitted by Anonymous on