Apache Airflow is an open-source platform that is popular among organizations. They use it in scheduling and managing workflows. But according to researchers, misconfigurations in Apache Airflow can endanger credentials and other sensitive records to the internet and be involved in a possible cyber security risk.
From the latest discovery of security researchers, there have been found misconfigurations in Airflow that could expose records and information owned by several companies across all industries such as media, financial services, biotech, manufacturing, information technology, and health.
Due to Airflow misconfiguration, some exposed data allow hackers to intrude any enterprise network or encrypt malicious codes and malware in production systems. Data at risk for exposure include cloud hosting services credentials, social media platforms, and payment processors.
According to researchers, finding exposed data to execute cyber security risks is easy for threat actors, especially with misconfigured workflow management systems.
Threat actors can easily scan IP addresses and check their expected HTML files. Nonetheless, threat actors must be knowledgeable in the kind of platform they are dealing with since exploiting exposed data to steal sensitive information involves running codes that could be a difficult task.
With Apache Airflow, organizations can create and schedule any automated workflows. A 2020 survey has shown that Airflow usage ranges from scientists, data analysts, and data engineers working on mid to large-sized corporations. Most of these organizations tend to do so few customizations using Airflow before usage.
Through misconfigurations, Airflow can be put to cyber security risks despite the tool’s multiple security options.
For instance, security researchers identified a coding practice that seems to be the most common root cause of credential leaking in Airflow. In detail, passwords are hardcoded into either a Python code for arranging tasks or a different feature that enables users to classify a variable value. Other cases include the discovery of the misuse of the Connections feature by users and loading passwords in plaintext rather than securely encrypting them.
With the latest patch update of Apache Airflow, only approved personnel will have the authority to connect to it. It also has great security improvements that could further protect users of the tool.