By kannthu
The "Kubernetes etcd Keys Exposure" module is designed to detect a specific misconfiguration in Kubernetes clusters. It targets the exposure of etcd keys, which can potentially lead to unauthorized access and compromise of sensitive data. This module has a medium severity level, indicating that it poses a moderate risk to the security of the cluster.
This module was authored by Hardik-Solanki.
If the "Kubernetes etcd Keys Exposure" module detects a misconfiguration, it means that the etcd keys are accessible to unauthorized parties. This can result in the exposure of sensitive information, such as private keys, which can be used for malicious purposes. It is crucial to address this issue promptly to prevent potential security breaches.
The "Kubernetes etcd Keys Exposure" module works by sending an HTTP GET request to the specified path ("/apiserver-etcd-client.key") within the Kubernetes cluster. It then applies matching conditions to determine if the exposed etcd keys are present in the response body and if the HTTP status code is 200 (OK).
Example HTTP request:
GET /apiserver-etcd-client.key
The module uses the following matching conditions:
- The response body must contain the words "BEGIN RSA PRIVATE KEY" and "END RSA PRIVATE KEY".
- The HTTP status code must be 200 (OK).

If both conditions are met, the module will report a vulnerability, indicating that the etcd keys are exposed and require immediate attention.
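The two matching conditions above, applied to constructed responses to show what a word match reports and what it does not. This is an added example, not the module's own code; the function names, the broader `ANY_PEM_KEY` pattern and all sample responses are assumptions made for illustration.

```python
import re

# The two words the module requires in the response body (from the page).
REQUIRED_WORDS = ("BEGIN RSA PRIVATE KEY", "END RSA PRIVATE KEY")

# Assumption, not part of the module: a stricter pattern for a complete PEM
# private-key block of any common label (PKCS#1 RSA, PKCS#8, EC, encrypted).
ANY_PEM_KEY = re.compile(
    r"-----BEGIN ((?:RSA |EC |ENCRYPTED )?PRIVATE KEY)-----.+?-----END \1-----",
    re.DOTALL,
)


def module_matches(status: int, body: str) -> bool:
    """Both conditions from the page: status 200 AND both words in the body."""
    return status == 200 and all(word in body for word in REQUIRED_WORDS)


def classify(status: int, body: str) -> str:
    """Compare the module's verdict with the stricter PEM-block check."""
    has_block = ANY_PEM_KEY.search(body) is not None
    if module_matches(status, body):
        # Words present but no real PEM block: worth manual verification.
        return "reported" if has_block else "reported-no-pem-block"
    if status == 200 and has_block:
        # A key is served, but its label is not the RSA one the module looks for.
        return "not-reported-key-present"
    return "not-reported"


def pem(label: str) -> str:
    """Constructed PEM-shaped text; the payload is a placeholder, not a key."""
    return f"-----BEGIN {label}-----\nQ09OU1RSVUNURUQ=\n-----END {label}-----\n"


# Constructed (status, body) pairs for GET /apiserver-etcd-client.key.
SAMPLES = {
    "rsa_key": (200, pem("RSA PRIVATE KEY")),
    "pkcs8_key": (200, pem("PRIVATE KEY")),
    "ec_key": (200, pem("EC PRIVATE KEY")),
    "soft_404": (200, "<html><body>Page not found</body></html>"),
    "docs_page": (200, "<p>Starts with BEGIN RSA PRIVATE KEY, ends with END RSA PRIVATE KEY</p>"),
    "forbidden": (403, "Forbidden"),
}

if __name__ == "__main__":
    for name, (status, body) in SAMPLES.items():
        print(f"{name:10s} -> {classify(status, body)}")
```

A "not reported" result from the module therefore does not by itself show that no private key is served at that path when the key uses a different PEM label.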