Thousands of User Credentials Leak Due to Incorrectly Set Up Apache Airflow Servers

Many businesses from various industries that used Apache Airflow but did not properly configure it have been exposed online.

Misconfigured Apache Airflow servers belonging to well-known software firms were exposed online, according to Security Affairs. Many enterprises throughout the world use Apache Airflow, an open-source workflow management platform, to automate business and IT operations.

A large number of misconfigured Apache Airflow servers were found exposed on the internet, revealing sensitive information such as login credentials from a number of different IT organizations.

Sensitive information on companies in the media and banking sectors, as well as the industrial and transportation sectors, is at risk because of insecure instances in these sectors. Credentials for well-known platforms and services, such as AWS, PayPal, Slack, and others, are available in the vulnerable Airflow instances.

Experts examined the danger that misconfiguration poses to enterprises and their customers. In addition, they provided specifics on the major causes of data leaks from susceptible instances. Intezer researchers found that the most common cause of credential leaks is passwords hardcoded in the Python DAG code, which was the case for many of the compromised instances.
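As an added illustration (not code from Intezer or the Airflow project), the following Python sketch shows how a team could audit its own DAG files for the hardcoded-password pattern described above. The name pattern, the sample DAG, and the `connect` and `run` helpers inside it are constructed for this example.

```python
import ast
import re

# Names that suggest a secret; this pattern is an assumption of the example.
SECRET_NAME = re.compile(r"(passw(or)?d|secret|token|api_?key|access_?key)", re.I)

# Constructed sample DAG source. It is only parsed, never executed or imported.
SAMPLE_DAG = '''
from airflow import DAG
from airflow.models import Variable

DB_PASSWORD = "Sup3rS3cret!"
API_TOKEN = Variable.get("api_token")

def load():
    connect(host="db.example.internal", user="etl", password="hunter2")

with DAG("nightly_load") as dag:
    run(load, conn={"aws_secret_access_key": "constructed-value"})
'''

def _is_literal(node):
    """True for an f-string or a non-empty plain string literal."""
    if isinstance(node, ast.JoinedStr):
        return True
    return isinstance(node, ast.Constant) and isinstance(node.value, str) and node.value != ""

def find_hardcoded_secrets(source):
    """Return sorted (line, name) pairs where a secret-like name gets a string literal."""
    findings = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Assign) and _is_literal(node.value):
            for target in node.targets:          # e.g. DB_PASSWORD = "..."
                if isinstance(target, ast.Name) and SECRET_NAME.search(target.id):
                    findings.add((node.lineno, target.id))
        elif isinstance(node, ast.Call):
            for kw in node.keywords:             # e.g. connect(password="...")
                if kw.arg and SECRET_NAME.search(kw.arg) and _is_literal(kw.value):
                    findings.add((kw.value.lineno, kw.arg))
        elif isinstance(node, ast.Dict):
            for key, value in zip(node.keys, node.values):   # e.g. {"token": "..."}
                if (isinstance(key, ast.Constant) and isinstance(key.value, str)
                        and SECRET_NAME.search(key.value) and _is_literal(value)):
                    findings.add((value.lineno, key.value))
    return sorted(findings)

if __name__ == "__main__":
    for line, name in find_hardcoded_secrets(SAMPLE_DAG):
        print(f"line {line}: '{name}' is assigned a string literal")
```

Values fetched at run time, such as the `Variable.get` call in the sample, are not flagged because the check only reports string literals.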

Poor configuration might result in the leakage of usernames and passwords

In other misconfigured installations, Intezer discovered a configuration file (airflow.cfg) containing confidential information such as passwords and keys. Threat actors may also alter the settings, leading to unexpected results. Airflow variables, which are used throughout DAG scripts, could also leak credentials. According to the experts, these variables frequently include hardcoded passwords. Malicious actors could also abuse Airflow plugins and features to introduce malware into system variables.

The study looked at previous versions of Apache Airflow and found that using out-of-date software poses a number of security issues.

Servers running Airflow v1.x had numerous problems, but these have been addressed in current versions of Airflow through security mechanisms that prevent them from recurring.