Security News > 2021 > December > Kafdrop flaw allows data from Kafka clusters to be exposed Internet-wide

Kafdrop flaw allows data from Kafka clusters to be exposed Internet-wide
2021-12-06 14:36

Researchers at Spectral discovered a security flaw in Kafdrop, a popular open-source UI and management interface for Apache Kafka clusters that has been downloaded more than 20 million times.

Companies affected range from major global players to smaller organizations in healthcare, insurance, media, and IoT - basically anyone using Kafdrop with Apache Kafka, an open-source distributed event streaming platform, for high-performance data pipelines, streaming analytics, data integration, and mission-critical applications.

The Kafdrop flaw has allowed the data from Kafka clusters - everything from financial transactions to mission critical data - to be exposed Internet-wide by simply giving anyone a UI to make it easy to review live Kafka clusters, without authentication.

"Furthermore, since Kafka serves as a central data hub, threat actors with assistance from a flawed Kafdrop, can infiltrate and exfiltrate data and manage the cluster as they see fit. They can connect as a Kafka subscriber to cause further havoc across the entire network."

Not only does the Kafdrop security flaw expose secrets in real-time traffic, but it also provides authentication tokens and other access details that allow hackers to reach the companies' cloud providers, such as AWS, IBM, Oracle, and others, on which Kafka clusters are often deployed.

For companies who haven't yet added the authentication code, they can address the Kafdrop flaw by either taking down their Kafdrop UIs or redeploying them behind an app server like Ngnix, using an active and configured authentication module.


News URL

https://www.helpnetsecurity.com/2021/12/06/kafdrop-flaw/