Cluster-f*ck! Etcd DBs spaff passwords, cloud keys to world by default

Found on The Register on Wednesday, 21 March 2018

Software called etcd, used for storing data across clusters of containers, has a problem – it does not implement authentication by default and so poses a security risk if deployed without further fiddling.

Troy Mursch, a security researcher with Bad Packets Report, said in an email to The Register, said, "I've independently verified [this issue] and confirmed it's a serious concern for anyone running etcd open to the internet."

You would think that after the issues with open Memcached and MongoDB servers, developers and admins would know better.

Browse all articles« Previous « » Next »