- Microsoft security blog warns Kubernetes users about Helm charts with default settings
- These settings often come with open ports, weak credentials, and other risks
- Microsoft is urging Kubernetes users to review their settings
Kubernetes Helm charts can expose data without users ever knowing, Microsoft security researchers have warned, urging Kubernetes users to be careful and review the default configuration of their Helm charts.
Kubernetes is an open source platform for automating the deployment, scaling, and management of containerized applications. Helm, on the other hand, is a package manager that simplifies the deployment and management of applications on Kubernetes using pre-configured templates called charts.
It allows users to define, install, and upgrade complex Kubernetes applications with minimal manual configuration.
Default configurations
In a new blog post, titled “The risk of default configuration: How out-of-the-box helm charts can breach your cluster,” authors Michael Katchinskiy, and Yossi Weizman argued that in many cases, Helm charts require no authentication, keep certain ports open, and use easy-to-guess, or hardcoded passwords.
This happens when Helm charts are deployed with default settings, which is often the case with inexperienced cloud users.
“Default configurations that lack proper security controls create a severe security threat,” the blog reads. “Without carefully reviewing the YAML manifests and Helm charts, organizations may unknowingly deploy services lacking any form of protection, leaving them fully exposed to attackers.”
Katchinskiy and Weizman added that the risk is “particularly concerning” when the deployed apps can query sensitive API, or allow administrative actions.”
They singled out three cases where Helm charts put entire Kubernetes environments at risk – Apache Pinot, Meshery, and Selenium Grid.
The best way to mitigate the risk is to be careful when deploying Helm, not use default configurations, and evaluate the setup from a security perspective to make sure it includes authentication and network isolation.
Furthermore, Microsoft recommends users run regular scans for misconfigurations that can expose interfaces to the public, and keep a close eye on containers for unwarranted activity.
Via BleepingComputer
Leave a comment