OWASP principle of least privilege
11/6/2023

Insufficient credential hygiene risks deal with an attacker's ability to obtain and use the various secrets and tokens spread throughout the pipeline, due to flaws in the access controls around those credentials, insecure secret management and overly permissive credentials.

Description

CI/CD environments are built of multiple systems communicating and authenticating against each other, creating great challenges around protecting credentials due to the large variety of contexts in which credentials can exist.

Application credentials are used by the application at runtime, credentials to production systems are used by pipelines to deploy infrastructure, artifacts and apps to production, and engineers use credentials as part of their testing environments and within their code and artifacts.

This variety of contexts, paired with the large number of methods and techniques for storing and using them, creates a large potential for insecure usage of credentials.

Some major flaws that affect credential hygiene:

Code containing credentials being pushed to one of the branches of an SCM repository: This can happen either by mistake, without noticing the existence of the secret in the code, or deliberately, without understanding the risk of doing so. From that moment on, the credentials are exposed to anyone with read access to the repository, and even if deleted from the branch they were pushed into, they continue to appear in the commit history, available to be viewed by anyone with repository access.

Credentials used insecurely inside the build and deployment processes: These credentials are used to access code repositories, read from and write to artifact repositories, and deploy resources and artifacts to production environments. Given the large number of pipelines and target systems they need access to, it is imperative to understand:
- In which context, and using which method, is each set of credentials used?
- Can each pipeline access only the credentials it needs to fulfill its purpose?
- Can credentials be accessed by unreviewed code flowing through the pipeline?
- Are these credentials accessible only at run-time, and only from the contexts where they are required?
- How are these credentials called and injected into the build?

Credentials in container image layers: Credentials that were only required for building the image still exist in one of the image layers, available to anyone who is able to download the image.

Credentials printed to console output: Credentials used in pipelines are often printed to the console output, deliberately or inadvertently. This might leave credentials exposed in clear text in logs, available to anyone with access to the build results. These logs can potentially flow to log management systems, expanding their exposure surface.

Unrotated credentials: Since the credentials are spread all over the engineering ecosystem, they are exposed to a large number of employees and contractors.
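The console-output and image-layer flaws above can be caught before a build log reaches a log management system. The following is an added example, not code from the original page or from OWASP: a small scanner that walks pipeline console output, flags lines carrying credential-shaped values (well-known token formats plus `password=`/`secret=`-style assignments, including `--build-arg` values that would be baked into an image layer) and returns a masked copy of each such line. The log lines are constructed for the example; the AWS values are the placeholder keys from AWS's own documentation.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Credential shapes that commonly leak into pipeline console output.
# The last group of each pattern (or the whole match when there is none)
# is the value that gets masked, so key names stay readable in the finding.
SECRET_PATTERNS = [
    ("aws-access-key-id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("github-token", re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b")),
    ("bearer-token", re.compile(r"(?i)\bbearer\s+([A-Za-z0-9._~+/=-]{20,})")),
    ("secret-assignment", re.compile(
        r"(?i)\b([A-Z0-9_.-]*(?:password|passwd|secret|token|api[_-]?key)[A-Z0-9_.-]*)"
        r"\s*[=:]\s*['\"]?([^\s'\"]{6,})")),
]

@dataclass
class Finding:
    line_no: int
    kind: str
    redacted: str   # the offending line with the credential value masked

def _mask(m: re.Match) -> str:
    """Replace only the credential value (last group, or whole match) with ***."""
    g = m.lastindex or 0
    start, end = m.span(g)
    whole = m.group(0)
    return whole[: start - m.start()] + "***" + whole[end - m.start():]

def redact(line: str) -> tuple[str, list[str]]:
    """Mask every credential-looking value in one log line; return the masked
    line and the kinds of credential that were found."""
    kinds = []
    for kind, pattern in SECRET_PATTERNS:
        line, hits = pattern.subn(_mask, line)
        if hits:
            kinds.append(kind)
    return line, kinds

def scan_log(text: str) -> list[Finding]:
    """Scan console output line by line; one Finding per credential kind per line."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        redacted, kinds = redact(line)
        findings.extend(Finding(no, kind, redacted) for kind in kinds)
    return findings

# Constructed sample of a noisy pipeline log (AWS values are documentation placeholders).
SAMPLE_LOG = """\
[step 3/7] Installing dependencies
[step 4/7] export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
[step 4/7] export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
[step 5/7] curl -H "Authorization: Bearer ghp_abcdefghijklmnopqrstuvwxyz0123456789ABCD" https://api.example.com/deploy
[step 6/7] docker build --build-arg DB_PASSWORD=hunter2pass .
[step 7/7] Build finished in 42s
"""

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.kind}: {f.redacted}")
```

Running the scanner as a post-build step and failing the job on any finding keeps clear-text credentials out of build results and out of whatever log pipeline those results feed; the `--build-arg` hit is also the signal that a secret is about to land in an image layer.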