Kafdrop is an open source web UI for managing and inspecting Apache Kafka clusters. Kafka itself is an open source, cloud-native platform for collecting, analyzing, storing and managing data streams.
Kafka is widely used in finance, big-data analytics, large-scale Internet services and other fields for real-time data processing. According to published statistics, 60% of Fortune 100 companies use it, including Box, Cisco, Goldman Sachs, Intuit and Target.
Recently, researchers discovered multiple misconfigured Kafdrop instances that exposed their Kafka clusters to the Internet. Such an instance is an easy target: this is a misconfiguration rather than a software vulnerability, and an attacker who can reach an unauthenticated Kafdrop UI can read topic data or take over cluster management through it.
The researchers note that Kafdrop automatically connects to and maps an existing Kafka cluster, lets users create and delete topics, shows the cluster topology and layout, and gives insight into brokers, topics, partitions and consumers. Because it acts as a legitimate Kafka consumer, it also lets anyone who reaches it sample and download live messages from every topic and partition. According to the analysis report, the exposed clusters leaked customer data, transactions, medical records and internal system traffic, offering an inside look into each company's complete nervous system, all publicly reachable. "We found exposed clusters from companies across multiple industries, including insurance, healthcare, IoT, media and social networks," the researchers wrote.
Mitigation options:
1. Do not expose Kafdrop to the Internet: keep it on an internal network or behind a VPN, and put an authentication layer in front of it.
2. For a single Kafdrop instance, the simplest approach is to place it behind Nginx and enable an authentication module there (for example HTTP basic authentication), while making sure Kafdrop itself is only reachable through the proxy. Also verify that the Kafka brokers' own listeners are not reachable from the Internet: protecting the UI does not protect brokers that accept unauthenticated connections directly.
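The Nginx front end described in the mitigation list, written out as an added example (this is not configuration from the original article or from the Kafdrop project). It assumes Kafdrop is bound to 127.0.0.1:9000, that the credential file lives at /etc/nginx/kafdrop.htpasswd, that the trusted network is 10.0.0.0/8, and the hostname and certificate paths shown; all of these are assumptions to adjust for your environment.

```nginx
# Added example, not from the original article: an Nginx reverse proxy that
# puts a source-IP allow-list and HTTP basic authentication in front of Kafdrop.
# Assumed values: Kafdrop on 127.0.0.1:9000, credential file
# /etc/nginx/kafdrop.htpasswd, trusted range 10.0.0.0/8, hostname and TLS paths.

upstream kafdrop {
    server 127.0.0.1:9000;   # assumed: Kafdrop bound to loopback only
}

server {
    listen 443 ssl;
    server_name kafdrop.internal.example;   # assumed hostname

    ssl_certificate     /etc/nginx/tls/kafdrop.crt;   # assumed paths
    ssl_certificate_key /etc/nginx/tls/kafdrop.key;

    # Layer 1: only the internal range may reach the UI at all (others get 403).
    allow 10.0.0.0/8;
    deny  all;

    # Layer 2: every request must carry valid credentials (otherwise 401).
    auth_basic           "Kafdrop";
    auth_basic_user_file /etc/nginx/kafdrop.htpasswd;

    location / {
        proxy_pass         http://kafdrop;
        proxy_set_header   Host              $host;
        proxy_set_header   X-Real-IP         $remote_addr;
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
    }
}

# Redirect plain HTTP to HTTPS so basic-auth credentials never travel in clear text.
server {
    listen 80;
    server_name kafdrop.internal.example;   # assumed hostname
    return 301 https://$host$request_uri;
}
```

Create the credential file with `htpasswd -B -c /etc/nginx/kafdrop.htpasswd <user>` (bcrypt hashes, from apache2-utils or httpd-tools), run `nginx -t` and reload. Then check the result: `curl -sk -o /dev/null -w '%{http_code}' https://kafdrop.internal.example/` should print 403 from outside the allowed range, 401 from inside without credentials, and 200 only with `-u <user>`. The proxy is only worth anything if it cannot be bypassed, so confirm with `ss -ltn` that Kafdrop listens on 127.0.0.1 rather than 0.0.0.0 (Kafdrop is a Spring Boot application, so `--server.address=127.0.0.1` does this; a host firewall rule is the alternative) and that the brokers' ports are likewise closed to the outside.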
Original article, author: Chief Security Officer, if reprinted, please indicate the source: https://cncso.com/en/kafka-clusters-leads-to-sensitive-data-leakage.html