While investigating a misconfiguration flaw in Apache Airflow, the security authorities have detected many exposed cases over the web leaking delicate data that include credentials from high-profile companies.
Apache Airflow has disclosed information for popular platforms and services like:-
In this event, the data that was exposed is from the industries that deal in the following sectors:-
- Media
- Finance
- Manufacturing
- Information technology
- Biotech
- E-commerce
- Health
- Energy
- Cybersecurity
- Transportation
Cloud Hosting Providers, Payment processors Drooled Credentials
This misconfiguration has lead to the leakage of sensitive includes thousands of credentials from high-profile platforms and services like Slack, PayPal, and Amazon Web Services (AWS).
Here, the most obvious reason for a credential leak that has been observed on Airflow servers was unsafe coding practices.
Apart from this, the misconfiguration risk deals with some points, and here we have mentioned them below:-
- Credential Exposure
- Insecure Coding Practices
- Variables
- Connections
- Logs
- Configuration
Leakage of Sensitive Data
The leakage of sensitive data basically means that the threat actors have access to data on the organization that holds the exposed server. Not only this but the threat actors can also steal the data and later use the information in various ways.
Moreover, this type of leaked data can expose the details regarding the compromised organization’s customers. And the consequences of such type of data leakage can commence to dangerous reputational damage for the company as well as the customer as they will encounter some potential loss.
Legal Action and Malware
In this type of malware flaw, there is the possibility that Airflow plugins or properties can be abused to run malicious code. There is another possible route for malicious code execution that can come via unofficial third-party plugins.
Mitigation
Moreover, there are three points that will help the organization to overcome this attack, and here we have mentioned them below:-
- Versioning
- Secure Coding Practices
- Runtime Cloud-Native Application Security
While companies need to stay cautious regarding this kind of threat and attack because these types of attacks are quite dangerous in nature as they involved data leakage.
