Security News > 2021 > October > Experts Warn of Unprotected Prometheus Endpoints Exposing Sensitive Information
A large-scale unauthenticated scraping of publicly available and non-secured endpoints from older versions of Prometheus event monitoring and alerting solution could be leveraged to inadvertently leak sensitive information, according to the latest research.
"Due to the fact that authentication and encryption support is relatively new, many organizations that use Prometheus haven't yet enabled these features and thus many Prometheus endpoints are completely exposed to the Internet, leaking metric and label dat," JFrog researchers Andrey Polkovnychenko and Shachar Menashe said in a report.
The findings come from a systematic sweep of publicly-exposed Prometheus endpoints, which were accessible on the Internet without requiring any authentication, with the metrics found exposing software versions and host names, which the researchers said could be weaponized by attackers to conduct reconnaissance of a target environment before exploiting a particular server or for post-exploitation techniques like lateral movement.
Some of the endpoints and the information disclosed are as follows -.
It's worth noting the two endpoints are disabled by default for security reasons as of Prometheus 2.0.
Besides recommending organizations to "Query the endpoints [] to help verify if sensitive data may have been exposed," the researchers noted that "Advanced users requiring stronger authentication or encryption than what's provided by Prometheus, can also set up a separate network entity to handle the security layer."