Over 300K Prometheus Instances Exposed: Credentials and API Keys Leaking Online
Briefly

"Prometheus servers or exporters, often lacking proper authentication, allowed attackers to easily gather sensitive information, such as credentials and API keys," Aqua security researchers Yakir Kadkoda and Assaf Morag said in a new report shared with The Hacker News.
"Unauthenticated Prometheus servers enable direct querying of internal data, potentially exposing secrets that attackers can exploit to gain an initial foothold in various organizations," the researchers said.
The exposure of the "/debug/pprof" endpoints, which are used to profile heap memory usage, CPU usage, and other runtime metrics, could also serve as a vector for DoS attacks, rendering the servers inoperable.
As many as 296,000 Prometheus Node Exporter instances and 40,300 Prometheus servers have been estimated to be publicly accessible over the internet, making them a huge attack surface that could put data and services at risk.
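By default, Prometheus and Node Exporter listen without any authentication, which is the condition the report describes. As an added hardening example (not taken from the Aqua report or The Hacker News article), this is a web configuration file, passed with the --web.config.file flag that both Prometheus and Node Exporter support, that enables TLS and HTTP basic authentication; the file paths, user name and hash are placeholders.

```yaml
# web.yml: start with  prometheus --web.config.file=web.yml
# (or  node_exporter --web.config.file=web.yml).
# Constructed example; paths, user name and hash are placeholders.

tls_server_config:
  cert_file: /etc/prometheus/tls/server.crt   # placeholder path
  key_file: /etc/prometheus/tls/server.key    # placeholder path
  min_version: TLS12

# Basic auth is enforced on every HTTP endpoint the server exposes, so the
# query API and the /debug/pprof endpoints are no longer reachable anonymously.
# Passwords are bcrypt hashes; generate one with:
#   htpasswd -nBC 10 "" | tr -d ':\n'
basic_auth_users:
  monitoring_reader: "$2y$10$REPLACE_WITH_BCRYPT_HASH"   # placeholder hash
```

Authentication complements, rather than replaces, keeping these ports off the public internet; scrape targets behind this configuration need matching `basic_auth` and `scheme: https` in the Prometheus scrape configuration.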
Read at The Hacker News