Security News > 2021 > October > Poorly Configured Apache Airflow Instances Leak Credentials for Popular Services
Cybersecurity researchers on Monday discovered misconfigurations across older versions of Apache Airflow instances belonging to a number of high-profile companies across various sectors, resulting in the exposure of sensitive credentials for popular platforms and services such as Amazon Web Services, Binance, Google Cloud Platform, PayPal, Slack, and Stripe.
"These unsecured instances expose sensitive information of companies across the media, finance, manufacturing, information technology, biotech, e-commerce, health, energy, cybersecurity, and transportation industries," Intezer said in a report shared with The Hacker News.
Originally launched in June 2015, Apache Airflow is an open-source workflow management platform that enables programmatic scheduling and monitoring of workflows on AWS, GCP, Microsoft Azure, and other third-party services.
Some of the most common insecure coding practices uncovered by Intezer include the use of hard-coded database passwords in Python DAG code or variables, plaintext credentials in the "Extra" field of connections, and cleartext keys in configuration files.
Chief among the concerns associated with misconfigured Airflow instances is the exposure of credentials that could be abused by threat actors to gain access to accounts and databases, giving them the ability to spread laterally or result in data leakage, not to mention lead to violation of data protection laws and give an insight into an organization's tools and packages, which could later be exploited to stage supply-chain attacks.
Apache Airflow, for its part, has remediated a lot of security issues with version 2.0.0 that was released in December 2020, making it critical that users of the software update to the latest version and adopt secure coding practices to prevent passwords from being exposed.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/u66NJxSUooY/poorly-configured-apache-airflow.html