Spectral researchers have uncovered a security flaw in Kafdrop, a popular open-source web UI and administrative interface for Apache Kafka clusters that has been downloaded more than 20 million times. Affected organisations range from large multinationals to smaller companies in healthcare, insurance, media, and IoT; in short, anyone who runs Kafdrop against an Apache Kafka cluster.
Apache Kafka is an open-source distributed event streaming platform used by thousands of companies for high-performance data pipelines, streaming analytics, data integration, and mission-critical applications; its users include eight of the world's ten largest banks, the ten largest global insurance companies, and eight of the world's ten largest telecom providers. Kafka is commonly used to process and store logs, financial transactions, and private user data, and it powers consumer-facing data pipelines that process real-time actions, events, and behaviour. Kafka is cloud-native, scaling from small deployments to massive cloud-based clusters, and is designed to be highly scalable and fault-tolerant.
“We can’t name any of the companies whose clusters we discovered, as we don’t want to give threat actors the edge, but these flaws are exceptionally widespread,” said Dotan Nahum, CEO at Spectral. “Furthermore, since Kafka serves as a central data hub, threat actors, with assistance from a flawed Kafdrop, can infiltrate and exfiltrate data and manage the cluster as they see fit. They can connect as a Kafka subscriber to cause further havoc across the entire network.”
The Kafdrop flaw not only exposes secrets carried in real-time traffic; it also discloses authentication tokens and other access details that let attackers reach an enterprise's cloud providers, such as AWS, IBM, and Oracle, where Kafka clusters are frequently hosted. Kafdrop also reveals the layout and topology of a cluster, disclosing hosts, topics, partitions, and consumers, and lets a user sample and download live data and create or delete topics. A Kafdrop instance reachable without authentication therefore hands all of this to whoever can reach it over the network.
“Misusing Kafdrop allows threat actors to access the nervous system of an entire company, revealing customer data, transactions, medical records, internal system traffic, etc. Immediate mitigation is critical,” said Nahum.
On discovering the flaw, Spectral promptly contributed an authentication addition back to the Kafdrop project. Spectral recommends that enterprises scan not only code but also configuration, infrastructure, and data across the whole SDLC to defend themselves against the kind of security lapses that lead to breaches. Until an instance runs with that authentication in place, it should not be reachable from untrusted networks.
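As an added example, not Spectral's or Kafdrop's code, the following Python scans a handful of constructed Kafka message samples for the kind of credential-like strings the article describes leaking through a topic view: AWS access key IDs and secret keys (using AWS's published example values, not real credentials), bearer tokens, and any remaining long high-entropy strings. The topic names, message contents, token length and entropy thresholds are assumptions for illustration; in practice the input would be whatever a Kafka consumer or the Kafdrop topic view returns, and matches are reported redacted so the scanner itself does not become another place secrets are written.

```python
"""Scan sampled Kafka messages for credential-like strings.

Added example, not code from Spectral or the Kafdrop project. The messages
below are constructed inline to stand in for a topic sample; the AWS values
are AWS's documented example credentials, not real keys.
"""
import math
import re
from collections import Counter
from typing import Dict, List

# Constructed sample messages, shaped like records sampled from topics.
SAMPLE_MESSAGES: List[Dict[str, str]] = [
    {"topic": "orders",
     "value": '{"order_id": 1042, "amount": 19.99, "currency": "EUR"}'},
    {"topic": "deploy-events",
     "value": '{"env": "prod", "aws_access_key_id": "AKIAIOSFODNN7EXAMPLE", '
              '"aws_secret_access_key": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"}'},
    {"topic": "api-audit",
     "value": "GET /v1/patients Authorization: Bearer "
              "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.dummy"},
    {"topic": "logs",
     "value": "connection to db-primary established in 12ms"},
]

# Named patterns. Group 1, where present, captures the secret itself.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(AKIA[0-9A-Z]{16})\b"),
    "aws_secret_access_key": re.compile(
        r"aws_secret_access_key\"?\s*[:=]\s*\"?([A-Za-z0-9/+=]{40})",
        re.IGNORECASE),
    "bearer_token": re.compile(r"Bearer\s+([A-Za-z0-9\-._~+/]+=*)"),
}

# Fallback rule for secrets with no recognisable prefix (assumed thresholds).
MIN_TOKEN_LEN = 32
ENTROPY_THRESHOLD = 4.0  # bits per character
TOKEN_SPLIT = re.compile(r"[\s\"'{},:]+")


def shannon_entropy(s: str) -> float:
    """Shannon entropy of a string in bits per character."""
    n = len(s)
    counts = Counter(s)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def redact(secret: str) -> str:
    """Keep only a short prefix and the length so the report can be shared."""
    return f"{secret[:4]}...({len(secret)} chars)"


def scan_value(value: str) -> List[Dict[str, str]]:
    """Return findings for one message body, redacted."""
    findings: List[Dict[str, str]] = []
    covered: List[str] = []  # secrets already attributed to a named pattern
    for kind, pattern in SECRET_PATTERNS.items():
        for m in pattern.finditer(value):
            secret = m.group(m.lastindex or 0)
            covered.append(secret)
            findings.append({"kind": kind, "redacted": redact(secret)})
    # Second pass: long, high-entropy tokens not already explained above.
    for token in TOKEN_SPLIT.split(value):
        if len(token) < MIN_TOKEN_LEN or shannon_entropy(token) < ENTROPY_THRESHOLD:
            continue
        if any(token in s or s in token for s in covered):
            continue
        findings.append({"kind": "high_entropy_string", "redacted": redact(token)})
    return findings


def scan_messages(messages: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Scan every sampled message and tag each finding with its topic."""
    report: List[Dict[str, str]] = []
    for msg in messages:
        for finding in scan_value(msg["value"]):
            report.append({"topic": msg["topic"], **finding})
    return report


if __name__ == "__main__":
    for finding in scan_messages(SAMPLE_MESSAGES):
        print(finding)
```

Run against the constructed sample, the scanner flags the deploy-events topic twice (access key ID and secret key) and the api-audit topic once (bearer token) while leaving the orders and logs topics clean; the high-entropy pass only reports tokens not already explained by a named pattern, which keeps the report from double-counting the same secret.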