Companies in the healthcare, insurance, media, and IoT industries are vulnerable to a new vulnerability, from substantial global companies to tiny start-ups. This is of concern to anybody who uses Kafdrop with Apache Kafka, an open-source distributed event streaming platform, for streaming analytics, high-performance data pipelines, mission-critical applications, and data integration.
By simply providing anybody with a UI to make it easy to examine live Kafka clusters without authentication, the Kafdrop bug has allowed data from Kafka clusters — ranging from financial transactions to mission important data – to be exposed Internet-wide.
According to Spectral CEO Dotan Nahum, they won’t identify any of the organizations whose clusters were found because they don’t want to give threat actors an advantage, but these vulnerabilities are quite pervasive. Moreover, because Kafka acts as a central data center, threat actors can penetrate and exfiltrate data and operate the cluster as they see fit with the help of a faulty Kafdrop.
The Kafdrop security issue uncovers secrets in real-time traffic. It reveals authentication tokens and other access data that allow hackers to contact enterprises’ cloud providers, including AWS, IBM, Oracle, and others, where Kafka clusters are frequently placed. Kafdrop also exposes the structure and topology of a cluster, exposing hosts, topics, partitions, and consumers, allowing live data sample and download, as well as topic creation and removal.
By misusing Kafdrop, threat actors may get access to a whole company’s nervous system, disclosing consumer data, transactions, medical records, internal system traffic, and more. Immediate mitigation is essential, according to Nahum. Spectral supplied an authentication code modification to Kafdrop when the problem was discovered.
Companies that haven’t included the authentication code can fix the Kafdrop problem by removing their Kafdrop UIs or redeploying them behind an app server like Ngnix with an active and configured authentication module to solve the Kafdrop vulnerability. Companies should scan not just code but also configuration, infrastructure, and data horizontally throughout the whole SDLC, according to Spectral, to prevent themselves from such security blunders that lead to breaches.
