Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Kubernetes etcd Keys Exposure

By kannthu

Medium
Vidoc logoVidoc Module
#files#exposure#kubernetes#k8s
Description

What is the "Kubernetes etcd Keys Exposure?" module?

The "Kubernetes etcd Keys Exposure" module is designed to detect a specific misconfiguration in Kubernetes clusters. It targets the exposure of etcd keys, which can potentially lead to unauthorized access and compromise of sensitive data. This module has a medium severity level, indicating that it poses a moderate risk to the security of the cluster.

This module was authored by Hardik-Solanki.

Impact

If the "Kubernetes etcd Keys Exposure" module detects a misconfiguration, it means that the etcd keys are accessible to unauthorized parties. This can result in the exposure of sensitive information, such as private keys, which can be used for malicious purposes. It is crucial to address this issue promptly to prevent potential security breaches.

How does the module work?

The "Kubernetes etcd Keys Exposure" module works by sending an HTTP GET request to the specified path ("/apiserver-etcd-client.key") within the Kubernetes cluster. It then applies matching conditions to determine if the exposed etcd keys are present in the response body and if the HTTP status code is 200 (OK).

Example HTTP request:

GET /apiserver-etcd-client.key

The module uses the following matching conditions:

- The response body must contain the words "BEGIN RSA PRIVATE KEY" and "END RSA PRIVATE KEY". - The HTTP status code must be 200 (OK).

If both conditions are met, the module will report a vulnerability, indicating that the etcd keys are exposed and require immediate attention.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/apiserver-etcd-clie...
Matching conditions
word: BEGIN RSA PRIVATE KEY, END RSA PRIVATE K...and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability