Kafdrop is an open source web UI for visually managing Apache Kafka. Kafka itself is an open source, cloud-native platform for collecting, analyzing, storing and managing data streams.
Kafka is widely used for real-time data processing in finance, big data analytics, large-scale Internet services and other fields. According to statistics, 60% of Fortune 100 companies use it, including Box, Cisco, Goldman Sachs, Intuit and Target.

Researchers recently found multiple misconfigured Kafdrop instances that expose Kafka clusters to the Internet. Such exposures are attractive targets: an attacker who reaches one can read the data flowing through the cluster or take over its management.
Researchers note that Kafdrop automatically connects to and maps an existing Kafka cluster, letting users create and delete topics, view the cluster topology and layout, and inspect hosts, topics, partitions and consumers. Because it acts as a legitimate Kafka consumer, it also lets anyone who can reach it sample and download live data from every topic and partition. According to the analysis report, the exposed clusters leaked customer data, transactions, medical records and internal system traffic, offering an inside look at each organization's complete nervous system, all publicly available. "We found exposed clusters from companies across multiple industries, including insurance, healthcare, IoT, media and social networks."
Mitigation options:
1. Kafdrop deployment should be isolated from the Internet and configured with an authentication module.
2. If it is a single point, you can add an authentication module on Nginx.
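The second mitigation, placing an authentication module on Nginx in front of a single Kafdrop instance, is shown below as an added example; it is not configuration from the original article or from the Kafdrop project. It assumes Kafdrop listens only on 127.0.0.1:9000 (Kafdrop's default port), that 10.0.0.0/8 is the internal address range allowed to reach the UI, and that the hostname, certificate paths and htpasswd path are placeholders to be replaced.

```nginx
# Added example, not from the original article: Nginx reverse proxy that puts
# network filtering, TLS and HTTP Basic authentication in front of Kafdrop.
# Assumptions: Kafdrop is bound to 127.0.0.1:9000, 10.0.0.0/8 is the internal
# network, and all hostnames and file paths below are placeholders.

server {
    listen 443 ssl;
    server_name kafdrop.internal.example;            # placeholder hostname

    ssl_certificate     /etc/nginx/tls/kafdrop.crt;  # placeholder paths
    ssl_certificate_key /etc/nginx/tls/kafdrop.key;

    # First line of defence: only internal address ranges may reach the UI.
    allow 10.0.0.0/8;
    deny  all;

    # Second line: every request must present valid Basic credentials.
    auth_basic           "Kafdrop";
    auth_basic_user_file /etc/nginx/kafdrop.htpasswd;  # placeholder path

    location / {
        # Kafdrop itself is reachable only via the loopback interface.
        proxy_pass         http://127.0.0.1:9000;
        proxy_set_header   Host              $host;
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto https;
    }
}

# Redirect plain HTTP to HTTPS so credentials are never sent in the clear.
server {
    listen 80;
    server_name kafdrop.internal.example;            # placeholder hostname
    return 301 https://$host$request_uri;
}
```

Create the credential file with `htpasswd -B -c /etc/nginx/kafdrop.htpasswd <user>` (from the apache2-utils / httpd-tools package), and make sure Kafdrop is started bound to the loopback address rather than 0.0.0.0, so that the proxy is the only path to it. The `allow`/`deny` block and the `auth_basic` block are independent layers: if one is misconfigured, the other still blocks anonymous Internet access, which is the failure mode the report describes.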
Original article by Chief Security Officer, if reproduced, please credit https://www.cncso.com/en/kafka-clusters-leads-to-sensitive-data-leakage.html