Feb 14, 2020

Docker registries are leaking

Docker registries leaking

Unit 42, a research group at cybersecurity company Palo Alto Networks, warned that widespread Docker registry misconfigurations are exposing hundreds of engineering teams around the world to data theft and malicious attacks.

What’s going on? A Docker registry is a "version-controlled storage for containerized applications" that help engineering teams store and manage their Docker images. These images contain all the necessary source code and configuration files to run an application.

To better understand how many organizations were improperly operating their registries, Unit 42 scanned the web for registries with misconfigured network access controls. That revealed hundreds of Docker registries that are open to intruders.

What’s the damage? According to Palo Alto Networks, "the Unit 42 team found 941 Docker registries exposed to the internet and 117 registries accessible without authentication. There were 2956 repositories and 15,887 tags in these registries, meaning effectively that nearly 3000 applications and almost 16,000 unique versions of these were exposed."

Exposed organizations include research institutes, retailers, news media firms, and technology companies.

Why this is important: Docker containers have fundamentally changed software development over the last decade. Applications are far more portable and modular, helping developers better bundle software and configuration in a bid to accelerate and simplify development.

With that innovation has come newfound cybersecurity risks that some development teams are only beginning to understand. Securing new container-based workflows will become even more critical for development teams.

Want to get more of these in your inbox?

Subscribe for weekly updates from the Software team.