Researchers at the RWTH Aachen University in Germany published a study revealing that tens of thousands of container images hosted on Docker Hub contain confidential secrets, exposing software, online platforms, and users to a massive attack surface.

  • ComMcNeil@kbin.social · 2 upvotes · 1 year ago

    Not sure I understood everything, but it reads as if the image creator added secrets into the image? Wouldn’t that be the problem of the image creator, instead of people using the image?

    • TimeSquirrel@kbin.social · 2 upvotes · 1 year ago

      A developer works on a docker image for some sort of server software and puts in a backdoor for testing purposes or leaves some password somewhere defaulted to make things easier for them. Dev forgets about it, and publishes the image. Ten thousand people then download the compromised image and deploy it on Internet-facing servers without a second thought.
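The scenario described in the reply above (a credential or key baked into an image that many people then pull and run) is exactly what an image scan is meant to catch before deployment. The following is an added example, not code from the article, the study or either commenter: a small Python scanner that walks an unpacked image filesystem and flags files that look like they carry secrets. The rules, file names and the sample layer tree it builds in a temporary directory are constructed for this illustration; the AWS key strings are the placeholder example values from AWS's own documentation, not real credentials.

```python
"""
Added example: a minimal secret scanner for an unpacked container layer tree.
Point scan_tree() at a directory such as the extracted output of `docker save`.
Everything it scans in demo() is constructed here; nothing is a real credential.
"""
import re
import tempfile
from pathlib import Path

# Rule table: (name, regex). The env-credential rule captures the assigned
# value so that variable references like PASSWORD=${DB_PASSWORD} can be skipped.
# Deliberately small; real scanners (gitleaks, trufflehog) ship far more rules.
RULES = [
    ("private-key", re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----")),
    ("aws-access-key-id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("env-credential", re.compile(
        r"(?i)^\s*(?:ENV\s+)?[A-Z0-9_]*(?:PASSWORD|SECRET|TOKEN)[A-Z0-9_]*\s*[=:]\s*(\S+)")),
]

# File names / path suffixes worth flagging regardless of content.
SENSITIVE_NAMES = {"id_rsa", "id_ed25519", "id_ecdsa", ".npmrc", ".pypirc", ".env"}
SENSITIVE_SUFFIXES = (".docker/config.json", ".aws/credentials")

MAX_BYTES = 1_000_000  # skip large binaries; the secrets of interest are text


def scan_file(path: Path, root: Path) -> list[dict]:
    """Return findings for one file as dicts: file (relative), rule, line (0 = name-based)."""
    rel = path.relative_to(root).as_posix()
    findings = []
    if path.name in SENSITIVE_NAMES or rel.endswith(SENSITIVE_SUFFIXES):
        findings.append({"file": rel, "rule": "sensitive-filename", "line": 0})
    try:
        text = path.read_bytes()[:MAX_BYTES].decode("utf-8")
    except (UnicodeDecodeError, OSError):
        return findings  # binary or unreadable: name rule only
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, rx in RULES:
            m = rx.search(line)
            if not m:
                continue
            # Edge case: a value that only references a variable is not a leak.
            if m.lastindex and m.group(1).strip("\"'").startswith("$"):
                continue
            findings.append({"file": rel, "rule": name, "line": lineno})
    return findings


def scan_tree(root: Path) -> list[dict]:
    """Walk an unpacked layer tree and return all findings, sorted for stable output."""
    findings = []
    for p in root.rglob("*"):
        if p.is_file():
            findings.extend(scan_file(p, root))
    return sorted(findings, key=lambda f: (f["file"], f["line"], f["rule"]))


def build_sample_layer(root: Path) -> None:
    """Write a constructed, fake layer tree (placeholder values only)."""
    files = {
        "etc/os-release": 'NAME="Debian GNU/Linux"\nID=debian\n',
        "app/Dockerfile": "FROM debian:bookworm-slim\nENV DB_PASSWORD=hunter2\nCOPY . /app\n",
        "app/.env": "DB_PASSWORD=hunter2\nLOG_LEVEL=info\nAPI_TOKEN=${API_TOKEN}\n",
        "root/.ssh/id_rsa": "-----BEGIN OPENSSH PRIVATE KEY-----\n"
                            "QUJDREVG(constructed)\n-----END OPENSSH PRIVATE KEY-----\n",
        # AWS documentation example key pair, not a live credential.
        "home/app/.aws/credentials": "[default]\naws_access_key_id = AKIAIOSFODNN7EXAMPLE\n"
                                     "aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n",
    }
    for rel, content in files.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(content)
    binary = root / "usr/bin/tool"  # a non-UTF-8 blob the content rules must skip
    binary.parent.mkdir(parents=True, exist_ok=True)
    binary.write_bytes(b"\x7fELF\x01\x01\x01\x00\xff\xfe")


def demo() -> list[dict]:
    """Build the sample layer in a temp dir, scan it and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_layer(root)
        return scan_tree(root)


if __name__ == "__main__":
    for f in demo():
        print(f"{f['rule']:<20} {f['file']}:{f['line']}")
```

Run against a real image by extracting `docker save <image>` and pointing scan_tree() at each layer directory; the name-based rule catches files like `id_rsa` or `.aws/credentials` even when their contents are not in a recognised format, and the `$`-prefix check keeps templated `.env` files from drowning the report in false positives.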