The admin consoles of over 22,000 container orchestration and API management systems are currently exposed online, according to a report published on Monday by Lacework, a cloud security company. The report analyzes how widespread the problem of cloud management interfaces left exposed on the internet has become, focusing on container orchestration systems such as Kubernetes, Docker Swarm, Mesos Marathon, Red Hat OpenShift, Portainer.IO, and Swarmpit.
"Although the vast majority of these management interfaces have credentials set up, there is little reason why they should be world-accessible, and they are far more vulnerable than they should be. These nodes are essentially openings to these organizations' cloud environments to anyone with basic skills at searching the web. These organizations, and the others who will replicate their mistakes, are opening themselves up to brute force password and dictionary attacks."
The Lacework report, which also includes basic advice for avoiding such exposures and hardening container management panels, highlights a growing trend in today's IT landscape: many system administrators appear to have forgotten what passwords, firewalls, and access control lists (ACLs) are for. A management panel that prompts for a password is still reachable by anyone who finds it, and a reachable login form is a brute-force target; the fix the report points to is keeping the management port off the public internet entirely.
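The distinction the report draws, between a panel that is open with no credentials and one that asks for credentials but is still world-reachable, is what a triage script has to capture. The following is an added example, not code from Lacework or from any of the projects named above. It classifies HTTP probe results for three of the listed systems and lists the hosts whose management port should be restricted with a firewall rule or ACL. The default ports, discovery paths and probe responses are constructed assumptions so the script runs offline; to use it for real, replace the RESPONSES table with results from an HTTP client run against hosts you are authorised to scan.

```python
"""Classify probe results for container-management interfaces.

Added example for this article; not code from Lacework or the projects it
names. RESPONSES is a constructed sample so the script runs offline.
"""
import json
from dataclasses import dataclass

# Default API ports and an unauthenticated discovery path for three of the
# systems in the report (assumed defaults; check your own deployment).
TARGETS = {
    "kubernetes-api": (6443, "/api"),
    "docker-engine-api": (2375, "/version"),
    "marathon": (8080, "/v2/info"),
}


@dataclass
class Probe:
    host: str
    service: str
    status: int      # HTTP status; 0 = connection refused or timed out
    body: str = ""


# Constructed responses standing in for a real scan (hosts are hypothetical).
RESPONSES = [
    Probe("10.0.0.5", "kubernetes-api", 200,
          '{"kind":"APIVersions","versions":["v1"]}'),
    Probe("10.0.0.6", "kubernetes-api", 403,
          '{"kind":"Status","status":"Failure","code":403}'),
    Probe("10.0.0.7", "docker-engine-api", 200,
          '{"Version":"20.10.7","ApiVersion":"1.41"}'),
    Probe("10.0.0.8", "marathon", 200,
          '{"name":"marathon","version":"1.4.0"}'),
    Probe("10.0.0.9", "docker-engine-api", 0),
]


def anonymous_success(service: str, body: str) -> bool:
    """True when a 200 body shows the API answered with no credentials at all."""
    try:
        doc = json.loads(body)
    except ValueError:
        return False
    if service == "kubernetes-api":
        # Anonymous discovery on /api is normally denied (403); a full
        # APIVersions document means anonymous access is allowed.
        return doc.get("kind") == "APIVersions"
    if service == "docker-engine-api":
        # The plain-TCP Docker Engine API has no authentication of its own.
        return "ApiVersion" in doc
    if service == "marathon":
        return doc.get("name") == "marathon"
    return False


def classify(p: Probe) -> str:
    """Return 'closed', 'reachable-auth-required', 'open-no-auth' or 'reachable-unknown'."""
    if p.status == 0:
        return "closed"
    if p.status in (401, 403):
        # Credentials are required, but the panel is still world-reachable:
        # this is the brute-force / dictionary-attack surface the report describes.
        return "reachable-auth-required"
    if p.status == 200 and anonymous_success(p.service, p.body):
        return "open-no-auth"
    return "reachable-unknown"


def scan(probes):
    """Map host -> classification for a list of probe results."""
    return {p.host: classify(p) for p in probes}


def needs_acl(results):
    """Hosts whose management port should be restricted to an admin network:
    everything that is reachable at all, whether or not it asks for a password."""
    return sorted(host for host, verdict in results.items() if verdict != "closed")


if __name__ == "__main__":
    results = scan(RESPONSES)
    for host, verdict in results.items():
        print(f"{host:12} {verdict}")
    print("restrict with firewall/ACL:", ", ".join(needs_acl(results)))
```

Note that a 401 or 403 is deliberately not treated as safe: the panel is still on the internet, which is the point the report makes, so `needs_acl` returns it alongside the fully open hosts. Only a refused connection counts as closed from the scanner's vantage point.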